CVE-2022-0210

🗓️ 18 Jan 2022 16:52:30Reported by WordfenceType

cve🔗 web.nvd.nist.gov👁 43 Views🌐 WEB

The Random Banner WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping in ~/include/models/model.php file, affecting versions up to 4.1.4

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2022-0210	18 Jan 202220:25	–	circl
CNNVD	WordPress plugin 跨站脚本漏洞	18 Jan 202200:00	–	cnnvd
Cvelist	CVE-2022-0210 Random Banner <= 4.1.4 Admin+ Stored Cross-Site Scripting	18 Jan 202216:52	–	cvelist
EUVD	EUVD-2022-15412	3 Oct 202520:07	–	euvd
NVD	CVE-2022-0210	18 Jan 202217:15	–	nvd
OSV	CVE-2022-0210	18 Jan 202217:15	–	osv
Patchstack	WordPress Random Banner plugin <= 4.1.4 - Stored Cross-Site Scripting (XSS) vulnerability	14 Jan 202200:00	–	patchstack
Prion	Cross site scripting	18 Jan 202217:15	–	prion
Positive Technologies	PT-2022-13038 · WordPress · Random Banner	18 Jan 202200:00	–	ptsecurity
RedhatCVE	CVE-2022-0210	9 Jan 202609:12	–	redhatcve

NVD

Vulners

Node

buffercode random_bannerRange≤4.1.4wordpress

[
  {
    "product": "Random Banner",
    "vendor": "Random Banner",
    "versions": [
      {
        "lessThanOrEqual": "4.1.4",
        "status": "affected",
        "version": "4.1.4",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
plugins	www.plugins.trac.wordpress.org/browser/random-banner/tags/4.1.4/include/models/model.php
wordfence	www.wordfence.com/vulnerability-advisories/
github	www.github.com/BigTiger2020/2022/blob/main/Random%20Banner%20Xss.md

Parameter	Position	Path	Description	CWE
category	path	include/models/model.php	Stored Cross-Site Scripting via unsafely echoed category parameter in Random Banner WordPress plugin (up to version 4.1.4).	CWE-116, CWE-79

21 Nov 2024 06:38Current

4.8Medium risk

Vulners AI Score4.8

CVSS 23.5

CVSS 3.14.8

EPSS0.0059

SSVC