PatchSiren cyber security CVE debrief
CVE-2022-50949 A J Evolution CVE debrief
CVE-2022-50949 is a stored cross-site scripting issue in the WordPress plugin Videos sync PDF 1.7.4. According to the supplied CVE description and NVD record, authenticated attackers can inject malicious script content through unsanitized nom, pdf, mp4, webm, and ogg parameters, with the payload later executed when an administrator views or edits video settings. The provided NVD data marks the issue as CWE-79 and gives it a medium CVSS score of 5.1.
- Vendor
- A J Evolution
- Product
- Not set in stored metadata; the CVE description itself names the WordPress plugin Videos sync PDF, version 1.7.4
- CVSS
- MEDIUM 5.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-10
- Original CVE updated
- 2026-05-10
- Advisory published
- 2026-05-10
- Advisory updated
- 2026-05-10
Who should care
WordPress site administrators, plugin maintainers, and security teams responsible for sites running Videos sync PDF 1.7.4 (the only version named in the supplied record) should treat this as relevant, especially where low-privileged authenticated users can submit the plugin's settings form or the related media fields.
Technical summary
The vulnerability is a stored XSS condition in a WordPress plugin settings workflow. The supplied record indicates that attacker-controlled values in the nom, pdf, mp4, webm, and ogg parameters are stored without sanitization and later rendered, again without output encoding, in an administrative page. Because the payload persists in the site's stored settings and runs when an administrator loads that page, the impact is arbitrary JavaScript execution inside the administrator's authenticated wp-admin session. The NVD metadata supplied with the record lists AV:N/AC:L/PR:L/UI:P and CWE-79: PR:L means a low-privileged authenticated account is enough to plant the payload, and UI:P (the CVSS 4.0 passive-interaction value) means the victim only has to perform a routine action, viewing or editing the video settings, rather than click anything attacker-supplied.
Defensive priority
Medium. The issue is not marked as a KEV item in the supplied enrichment, but it deserves attention because it turns a routine administrative review into the trigger: a low-privileged account plants the payload and an administrator executes it simply by opening the settings page, which can lead to session or account compromise or to configuration changes made with the administrator's privileges.
Recommended defensive actions
- Update to a fixed release if the vendor has published one; if no fix is available, deactivate and remove the plugin until one is.
- Inspect the plugin's stored settings for unexpected markup, inline event-handler attributes, or javascript: URLs, but do so out of band (WP-CLI `wp option list` / `wp option get`, or a direct query against the options table, wp_options by default) rather than by opening the options panel in a browser, because loading that page is exactly what executes a stored payload.
- Review which roles can submit the plugin's settings form. The record's PR:L rating implies a low-privileged authenticated account suffices, so until a fix is in place, keep plugin configuration limited to trusted administrators and reduce the pool of low-privileged accounts (for example, by disabling open registration if it is not needed).
- For plugin maintainers and any custom code that handles these fields: validate and sanitize on save (plain text for the name, absolute http(s) URLs with the expected media extension for the file fields) and encode on output for the context the value is rendered into. In WordPress terms that means sanitize_text_field() or esc_url_raw() before update_option(), esc_attr() or esc_url() when echoing into the admin page, and a capability check (current_user_can()) plus a nonce on the settings handler.
- After remediation, monitor administrator sessions, newly created or elevated accounts, and recently changed plugin settings for signs that a stored payload already ran.
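The store-then-render flaw described in the technical summary and the validate-on-save, encode-on-output guidance above, as an added example that is not the plugin's code and not part of the source item. The field policy (nom as a display name, the other four as media URLs with a fixed extension), the audit logic, and every sample value are assumptions constructed for the illustration; it is written in Python so it runs offline, and the comments name the WordPress functions a PHP fix would use instead.

```python
"""Allow-list validation, out-of-band audit, and output encoding for the five
plugin settings named in the CVE record (nom, pdf, mp4, webm, ogg).

Assumptions, not taken from the plugin's source: the field policy (nom is a
display name, the other four are media URLs) and every sample value below.
"""
import html
import re
from urllib.parse import urlparse

# Expected file extension per URL-valued field (assumption about the plugin's intent).
URL_FIELDS = {
    "pdf": (".pdf",),
    "mp4": (".mp4",),
    "webm": (".webm",),
    "ogg": (".ogg", ".ogv"),
}

# First-pass triage patterns for values already in the database: a tag opener,
# an inline event handler, or a javascript: scheme. Hits need a human look.
SUSPICIOUS = re.compile(r"<\s*/?[a-z]|\bon[a-z]+\s*=|javascript\s*:", re.IGNORECASE)


def validate_field(name, value):
    """Allow-list check on a submitted value; returns (ok, reason).

    Describes what a legitimate value looks like instead of stripping known-bad
    fragments from a hostile one (WordPress: sanitize_text_field / esc_url_raw).
    """
    if name == "nom":
        if len(value) > 200 or re.search(r'[<>"\']', value):
            return False, "display name is too long or contains markup characters"
        return True, ""
    if name in URL_FIELDS:
        parsed = urlparse(value)
        # The scheme check is the part escaping cannot replace: a javascript:
        # URL survives html.escape intact and still runs from an href.
        if parsed.scheme not in ("http", "https") or not parsed.netloc:
            return False, "not an absolute http(s) URL"
        if not parsed.path.lower().endswith(URL_FIELDS[name]):
            return False, "path does not end in an expected media extension"
        return True, ""
    return False, "unknown field"


def audit_settings(settings):
    """Audit stored settings without rendering them: the out-of-band review step.

    Returns (field, reason) for every value that fails the allow-list or matches
    a payload pattern. Feed it option values exported with WP-CLI or a database
    query, never a rendered admin page.
    """
    findings = []
    for name, value in settings.items():
        ok, reason = validate_field(name, value)
        if not ok:
            findings.append((name, reason))
        elif SUSPICIOUS.search(value):
            findings.append((name, "passes validation but matches an injection pattern"))
    return findings


def render_unsafe(settings):
    """The vulnerable pattern: stored values dropped straight into admin-page HTML."""
    return (
        f'<input name="nom" value="{settings["nom"]}">'
        f'<video src="{settings["mp4"]}"></video>'
    )


def render_safe(settings):
    """Output encoding for the attribute context (WordPress: esc_attr / esc_url)."""
    return (
        f'<input name="nom" value="{html.escape(settings["nom"], quote=True)}">'
        f'<video src="{html.escape(settings["mp4"], quote=True)}"></video>'
    )


# Constructed sample data (not from any real site): a clean record and one
# carrying generic XSS test strings in three of the five fields.
CLEAN = {
    "nom": "Lecture 3",
    "pdf": "https://media.example/lecture3.pdf",
    "mp4": "https://media.example/lecture3.mp4",
    "webm": "https://media.example/lecture3.webm",
    "ogg": "https://media.example/lecture3.ogv",
}
INJECTED = {
    "nom": '"><script>alert(1)</script>',
    "pdf": "https://media.example/lecture3.pdf",
    "mp4": 'https://media.example/lecture3.mp4" onerror="alert(1)',
    "webm": "https://media.example/lecture3.webm",
    "ogg": "javascript:alert(1)",
}

if __name__ == "__main__":
    for field, reason in audit_settings(INJECTED):
        print(f"{field}: {reason}")
    print("unsafe:", render_unsafe(INJECTED))
    print("safe:  ", render_safe(INJECTED))
```

The audit is fed exported values on purpose; the same values viewed through the options panel would execute. Note the division of labour: escaping neutralises the `"><script>` name and the `" onerror=` suffix when they land in an attribute, but it leaves `javascript:alert(1)` untouched, and that string would still run if echoed into an href such as a link to the PDF. URL-valued settings therefore need scheme and extension validation on save in addition to escaping on output.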
Evidence notes
This debrief is based only on the supplied CVE description, the NVD metadata snapshot, and the referenced advisory links in the source item. The NVD record supplied with the prompt lists CVE-2022-50949 as CWE-79 with a medium CVSS score and references a vendor site, a VulnCheck advisory, and an Exploit-DB entry. The timeline fields provided in the prompt show publishedAt and modifiedAt as 2026-05-10T13:16:32.790Z; that should be treated as record timing in the supplied dataset, not as the original vulnerability occurrence date. Vendor attribution in the prompt is low-confidence and marked needsReview.
Official resources
The supplied source data indicates a public CVE record dated 2026-05-10 and lists an NVD status of Received, which means NVD had not yet completed its own analysis at the time of the snapshot; the CWE and CVSS values in the record have therefore not been through NVD review and may be revised. This debrief avoids exploit details and relies only on the provided record and references.