CVE-2022-2241

Опубликовано: 01 авг. 2022

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

The Featured Image from URL (FIFU) WordPress plugin before 4.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of validation, sanitisation and escaping in some of them, it could also lead to Stored XSS issues

Ссылки

https://wpscan.com/vulnerability/8670d196-972b-491b-8d9b-25994a345f57
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/8670d196-972b-491b-8d9b-25994a345f57
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:fifu:featured_image_from_url:*:*:*:*:*:wordpress:*:*

Версия до 4.0.0 (исключая)

EPSS

Процентиль: 53%

0.00303

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-116

Связанные уязвимости

GHSA-6vv2-x5qj-vq7g