Lucene search
WPScanCVE-2022-2311HistoryNov 28, 2022 - 2:15 p.m.
CVE-2022-2311
2022-11-2814:15:11
WPScan
web.nvd.nist.gov
44
4
cve-2022-2311
wordpress plugin
security vulnerability
xss
nvd
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
40.3%
The Find and Replace All WordPress plugin before 1.3 does not sanitize and escape some parameters from its setting page before outputting them back to the user, leading to a Reflected Cross-Site Scripting issue.
Affected configurations
Node
find_and_replace_all_projectfind_and_replace_allRange<1.3wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| find_and_replace_all_project | find_and_replace_all | * | cpe:2.3:a:find_and_replace_all_project:find_and_replace_all:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "Find and Replace All",
"collectionURL": "https://wordpress.org/plugins",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "1.3"
}
],
"defaultStatus": "unaffected"
}
]Social References
More
Related
prion
prion
Cross site scripting
2022-11-28 14:15:00
patchstack
patchstack
wpexploit
wpexploit
Find and Replace All < 1.3 - Reflected Cross Site Scripting
2022-11-03 00:00:00
cvelist
cvelist
CVE-2022-2311 Find and Replace All < 1.3 - Reflected Cross Site Scripting
2022-11-28 13:47:13
wpvulndb
wpvulndb
Find and Replace All < 1.3 - Reflected Cross Site Scripting
2022-11-03 00:00:00
nvd
nvd
CVE-2022-2311
2022-11-28 14:15:11
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
40.3%
Related for CVE-2022-2311