
exploitDog


CVE-2022-1763

Published: 13 Jun 2022
Source: nvd
CVSS3: 5.4
CVSS2: 3.5
EPSS: Low

Description

Due to missing checks, the Static Page eXtended WordPress plugin through 2.1 is vulnerable to CSRF attacks, which allow changing the plugin settings, including required user levels for specific features. This could also lead to Stored Cross-Site Scripting due to the lack of escaping in some of the settings.

Vulnerable configurations

Configuration 1
cpe:2.3:a:static_page_extended_project:static_page_extended:*:*:*:*:*:wordpress:*:*
Versions up to and including 2.1

EPSS

Percentile: 25%
0.00084
Low

5.4 Medium

CVSS3

3.5 Low

CVSS2

Weaknesses

CWE-352

Related vulnerabilities

CVSS3: 5.4
github
more than 3 years ago

Due to missing checks, the Static Page eXtended WordPress plugin through 2.1 is vulnerable to CSRF attacks, which allow changing the plugin settings, including required user levels for specific features. This could also lead to Stored Cross-Site Scripting due to the lack of escaping in some of the settings.
