CVE-2022-1913

🗓️ 27 Jun 2022 08:58:29Reported by WPScanType

cve🔗 web.nvd.nist.gov📰️ 5 Media mentions👁 59 Views🌐 WEB

The Add Post URL WordPress plugin through 2.1.0 lacks CSRF check, leading to Stored Cross-Site Scripting

Reporter	Title	Published	Views	Family All 11
ATTACKERKB	CVE-2022-1913	27 Jun 202209:15	–	attackerkb
CNNVD	WordPress plugin Add Post URL 跨站请求伪造漏洞	27 Jun 202200:00	–	cnnvd
CNVD	WordPress Add Post URL plugin cross-site request forgery vulnerability	30 Jun 202200:00	–	cnvd
Cvelist	CVE-2022-1913 Add Post URL <= 2.1.0 - Arbitrary Settings Update to Stored XSS via CSRF	27 Jun 202208:58	–	cvelist
EUVD	EUVD-2022-25185	3 Oct 202520:07	–	euvd
NVD	CVE-2022-1913	27 Jun 202209:15	–	nvd
Patchstack	WordPress Add Post URL plugin <= 2.1.0 - Arbitrary Settings Update to Stored XSS via CSRF vulnerability	1 Jun 202200:00	–	patchstack
Prion	Cross site scripting	27 Jun 202209:15	–	prion
RedhatCVE	CVE-2022-1913	22 May 202522:19	–	redhatcve
wpexploit	Add Post URL <= 2.1.0 - Arbitrary Settings Update to Stored XSS via CSRF	1 Jun 202200:00	–	wpexploit

NVD

Vulners

Node

add_post_url_project add_post_urlRange≤2.1.0wordpress

[
  {
    "product": "Add Post URL",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThanOrEqual": "2.1.0",
        "status": "affected",
        "version": "2.1.0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/2cafef43-e64a-4897-8c41-f0ed473d7ead

Parameter	Position	Path	Description	CWE
footer_text	request body	/wp-admin/options-general.php?page=wp-posturl/posturl-options.php	Stored XSS via unsanitised input in plugin settings leading to script execution in posts	CWE-352

21 Nov 2024 06:41Current

4.3Medium risk

Vulners AI Score4.3

CVSS 3.14.3

CVSS 24.3

EPSS0.00103

CWE-352