Lucene search
WPScanCVE-2022-2538HistoryAug 29, 2022 - 6:15 p.m.
CVE-2022-2538
2022-08-2918:15:09
CWE-79
WPScan
web.nvd.nist.gov
33
5
cve-2022-2538
wp hide & security enhancer
wordpress plugin
xss
nvd
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
40.2%
The WP Hide & Security Enhancer WordPress plugin before 1.8 does not escape a parameter before outputting it back in an attribute of a backend page, leading to a Reflected Cross-Site Scripting
Affected configurations
Node
nsp-codewp_hide_\&_security_enhancerRange<1.8wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| nsp-code | wp_hide_\&_security_enhancer | * | cpe:2.3:a:nsp-code:wp_hide_\&_security_enhancer:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"product": "WP Hide & Security Enhancer",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.8",
"status": "affected",
"version": "1.8",
"versionType": "custom"
}
]
}
]Social References
More
Related
wpexploit
wpexploit
WP Hide & Security Enhancer < 1.8 - Reflected Cross-Site Scripting
2022-08-08 00:00:00
wpvulndb
wpvulndb
WP Hide & Security Enhancer < 1.8 - Reflected Cross-Site Scripting
2022-08-08 00:00:00
cvelist
cvelist
patchstack
patchstack
prion
prion
Cross site scripting
2022-08-29 18:15:00
nvd
nvd
CVE-2022-2538
2022-08-29 18:15:09
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
40.2%
Related for CVE-2022-2538