exploitDog

CVE-2022-2146

Опубликовано: 17 июл. 2022

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

The Import CSV Files WordPress plugin through 1.0 does not sanitise and escaped imported data before outputting them back in a page, and is lacking CSRF check when performing such action as well, resulting in a Reflected Cross-Site Scripting

Ссылки

https://wpscan.com/vulnerability/adc1d752-331e-44af-b5dc-b463d56c2cb4
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/adc1d752-331e-44af-b5dc-b463d56c2cb4
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:import_csv_files_project:import_csv_files:*:*:*:*:*:wordpress:*:*

Версия до 1.0 (включая)

EPSS

Процентиль: 34%

0.00135

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-p2j3-2x6x-g3cv

CVSS3: 6.1

github

больше 3 лет назад

The Import CSV Files WordPress plugin through 1.0 does not sanitise and escaped imported data before outputting them back in a page, and is lacking CSRF check when performing such action as well, resulting in a Reflected Cross-Site Scripting

EPSS

Процентиль: 34%

0.00135

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352