Imran Emu Owl Carousel WP CVE-2026-22388
MEDIUMSeverity by source
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
Lifecycle Timeline
2DescriptionCVE.org
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Imran Emu Owl Carousel WP owl-carousel-wp allows Stored XSS.This issue affects Owl Carousel WP: from n/a through <= 2.2.2.
AnalysisAI
Stored XSS in Owl Carousel WP through version 2.2.2 allows authenticated users with high privileges to inject malicious scripts that persist in web pages and execute in visitors' browsers. An attacker with administrative access could exploit improper input sanitization to compromise site visitor sessions or steal sensitive data. A patch is not currently available.
Technical ContextAI
Classified as CWE-79 (Cross-site Scripting (XSS)). Affects Imran Emu Owl Carousel WP owl-carousel-wp. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Imran Emu Owl Carousel WP owl-carousel-wp allows Stored XSS.This issue affects Owl Carousel WP: from n/a through <= 2.2.2.
Affected ProductsAI
Product: Imran Emu Owl Carousel WP owl-carousel-wp.
RemediationAI
Monitor vendor advisories for a patch. Implement output encoding and Content Security Policy headers. Restrict network access to the affected service where possible.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today