CVE-2022-2278

🗓️ 01 Aug 2022 12:51:35Reported by WPScanType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 62 Views🌐 WEB

The FIFU WordPress plugin before 4.0.1 allows stored XSS attacks

Reporter	Title	Published	Views	Family All 13
ATTACKERKB	CVE-2022-2278	1 Aug 202213:15	–	attackerkb
Circl	CVE-2022-2278	1 Aug 202216:17	–	circl
CNNVD	WordPress plugin Featured Image from URL (FIFU) 跨站脚本漏洞	1 Aug 202200:00	–	cnnvd
Cvelist	CVE-2022-2278 Featured Image from URL < 4.0.1 - Admin+ Stored Cross-Site Scripting	1 Aug 202212:51	–	cvelist
EUVD	EUVD-2022-34552	3 Oct 202520:07	–	euvd
NVD	CVE-2022-2278	1 Aug 202213:15	–	nvd
OSV	CVE-2022-2278	1 Aug 202213:15	–	osv
Patchstack	WordPress Featured Image from URL plugin <= 4.0.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability	11 Jul 202200:00	–	patchstack
Prion	Cross site scripting	1 Aug 202213:15	–	prion
Positive Technologies	PT-2022-15671 · WordPress · Featured Image From Url	1 Aug 202200:00	–	ptsecurity

NVD

Vulners

Node

fifu featured_image_from_urlRange<4.0.1wordpress

[
  {
    "product": "Featured Image from URL (FIFU)",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "4.0.1",
        "status": "affected",
        "version": "4.0.1",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/4481731d-4dbf-4bfa-b4cc-64f10bb7e7bf

Parameter	Position	Path	Description	CWE
nonce_fifu_form_photon	request body	wp-admin/admin.php?page=featured-image-from-url	Stored Cross-Site Scripting via unsanitized admin settings in the Featured Image from URL (FIFU) plugin	CWE-79
fifu_input_photon	request body	wp-admin/admin.php?page=featured-image-from-url	Stored Cross-Site Scripting via unsanitized admin settings in the Featured Image from URL (FIFU) plugin	CWE-79

21 Nov 2024 07:00Current

4.7Medium risk

Vulners AI Score4.7

CVSS 3.14.8

EPSS0.00238

CWE-79