Lucene search
HistoryAug 08, 2022 - 2:15 p.m.
CVE-2022-2391
cve-2022-2391
inspiro pro
wordpress plugin
security vulnerability
javascript injection
nvd
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
24.9%
The Inspiro PRO WordPress plugin does not sanitize the portfolio slider description, allowing users with privileges as low as Contributor to inject JavaScript into the description.
Affected configurations
Node
wpzoominspiro_proRange<7.2.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wpzoom | inspiro_pro | * | cpe:2.3:a:wpzoom:inspiro_pro:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "Inspiro PRO",
"vendor": "Unknown",
"versions": [
{
"lessThan": "7.2.3",
"status": "affected",
"version": "7.2.3",
"versionType": "custom"
}
]
}
]Social References
More
Related
wpexploit
wpexploit
Inspiro Premium < 7.2.3 - Contributor+ Stored Cross-Site Scripting
2022-07-18 00:00:00
prion
prion
Information disclosure
2022-08-08 14:15:00
cvelist
cvelist
CVE-2022-2391 Inspiro Pro < 7.2.3 - Contributor+ Stored Cross-Site Scripting
2022-08-08 13:48:28
wpvulndb
wpvulndb
Inspiro Premium < 7.2.3 - Contributor+ Stored Cross-Site Scripting
2022-07-18 00:00:00
patchstack
patchstack
nvd
nvd
CVE-2022-2391
2022-08-08 14:15:09
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
24.9%
Related for CVE-2022-2391