CVE-2022-1567

Опубликовано: 10 мая 2022

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

The WP-JS plugin for WordPress contains a script called wp-js.php with the function wp_js_admin, that accepts unvalidated user input and echoes it back to the user. This can be used for reflected Cross-Site Scripting in versions up to, and including, 2.0.6.

Ссылки

https://plugins.trac.wordpress.org/browser/wp-js/trunk/wp-js.php?rev=100281#L140
Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/0ab82117-73dd-4257-8dfc-01dadcc3a83f?source=cve
Third Party Advisory
https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1567
Third Party Advisory
https://plugins.trac.wordpress.org/browser/wp-js/trunk/wp-js.php?rev=100281#L140
Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/0ab82117-73dd-4257-8dfc-01dadcc3a83f?source=cve
Third Party Advisory
https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1567
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wp-js_project:wp-js:*:*:*:*:*:wordpress:*:*

Версия до 2.0.6 (включая)

EPSS

Процентиль: 50%

0.00264

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-f2g6-m663-wjp3