exploitDog

CVE-2022-1617

Published: 16 Jan 2024
Source: nvd
CVSS3: 6.1
EPSS: Low

Description

The WP-Invoice WordPress plugin through 4.3.1 does not have a CSRF check in place when updating its settings, and is also lacking sanitisation and escaping in some of them, allowing an attacker to make a logged-in admin change them and add an XSS payload to them.

Vulnerable configurations

Configuration 1
cpe:2.3:a:usabilitydynamics:wp-invoice:*:*:*:*:*:wordpress:*:*
Versions up to 4.3.1 (inclusive)

EPSS

Score: 0.0013 (percentile: 33%), Low

CVSS3

6.1 Medium

Weaknesses

CWE-352

Related vulnerabilities

Source: github (about 2 years ago)
CVSS3: 6.1
