Lucene search

[email protected]CVE-2022-1646

HistoryMay 30, 2022 - 9:15 a.m.

CVE-2022-1646

2022-05-3009:15:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2022-1646

simple real estate pack

wordpress plugin

stored xss

nvd

security issue

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

23.6%

JSON

The Simple Real Estate Pack WordPress plugin through 1.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed

CPENameOperatorVersion
simple_real_estate_pack_project:simple_real_estate_packsimple real estate pack project simple real estate packle1.4.8

CPE	Name	Operator	Version
simple_real_estate_pack_project:simple_real_estate_pack	simple real estate pack project simple real estate pack	le	1.4.8

References

wpscan.com/vulnerability/8a32896d-bf1b-4d7b-8d84-dc38b877928b

Social References

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

23.6%

JSON

Related for CVE-2022-1646

patchstack1 wpexploit1 wpvulndb1 prion1