Lucene search
China National Vulnerability DatabaseCNVD-2022-85330HistoryNov 30, 2022 - 12:00 a.m.
WordPress Analytics for WP plugin cross-site scripting vulnerability
2022-11-3000:00:00
China National Vulnerability Database
www.cnvd.org.cn
13
wordpress
analytics
cross-site scripting
vulnerability
php
plugin
attack
administrator
EPSS
0.001
Percentile
24.8%
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Analytics for WP plugin 1.5.1 and earlier versions contain a cross-site scripting vulnerability that stems from the failure to clean and escape certain settings, including the disabled unfiltered_html feature, which could be exploited by a highly privileged attacker such as an administrator to launch a stored cross-site scripting attack. An attacker with high privileges, such as an administrator, could use the vulnerability to launch a stored cross-site scripting attack.
Related
cvelist
cvelist
CVE-2022-3839 Analytics for WP <= 1.5.1 - Admin+ Stored XSS
2022-11-28 13:47:23
cve
cve
CVE-2022-3839
2022-11-28 14:15:16
wpvulndb
wpvulndb
Analytics for WP <= 1.5.1 - Admin+ Stored XSS
2022-11-03 00:00:00
prion
prion
Cross site scripting
2022-11-28 14:15:00
patchstack
patchstack
nvd
nvd
CVE-2022-3839
2022-11-28 14:15:16
wpexploit
wpexploit
Analytics for WP <= 1.5.1 - Admin+ Stored XSS
2022-11-03 00:00:00