exploitDog

CVE-2022-0376

Опубликовано: 30 мая 2022

Источник: nvd

CVSS3: 4.8

CVSS2: 3.5

EPSS Низкий

Описание

The User Meta WordPress plugin before 2.4.3 does not sanitise and escape the Form Name, as well as Shared Field Labels before outputting them in the admin dashboard when editing a form, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

Ссылки

https://wpscan.com/vulnerability/a3ca2ed4-11ea-4d78-aa4c-4ed58f258932
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/a3ca2ed4-11ea-4d78-aa4c-4ed58f258932
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:user-meta:user_meta_user_profile_builder_and_user_management:*:*:*:*:*:wordpress:*:*

Версия до 2.4.3 (исключая)

EPSS

Процентиль: 51%

0.00282

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-vw5x-4vp3-h26h

CVSS3: 4.8

github

больше 3 лет назад

The User Meta WordPress plugin before 2.4.3 does not sanitise and escape the Form Name, as well as Shared Field Labels before outputting them in the admin dashboard when editing a form, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

EPSS

Процентиль: 51%

0.00282

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79