CVE-2022-2543

🗓️ 05 Sep 2022 12:35:20Reported by WPScanType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 79 Views🌐 WEB

The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.18.0 vulnerabilit

Reporter	Title	Published	Views	Family All 12
ATTACKERKB	CVE-2022-2543	5 Sep 202213:15	–	attackerkb
Circl	CVE-2022-2543	5 Sep 202216:12	–	circl
CNNVD	WordPress plugin Visual Portfolio 安全漏洞	5 Sep 202200:00	–	cnnvd
Cvelist	CVE-2022-2543 Visual Portfolio < 2.18.0 - Unauthenticated CSS Injection	5 Sep 202212:35	–	cvelist
EUVD	EUVD-2022-34797	3 Oct 202520:07	–	euvd
NVD	CVE-2022-2543	5 Sep 202213:15	–	nvd
Patchstack	WordPress Visual Portfolio Plugin <= 2.17.1 - Unauthenticated CSS Injection vulnerability	15 Aug 202200:00	–	patchstack
Prion	Design/Logic Flaw	5 Sep 202213:15	–	prion
Positive Technologies	PT-2022-17286 · WordPress · The Visual Portfolio	5 Sep 202200:00	–	ptsecurity
RedhatCVE	CVE-2022-2543	22 May 202522:32	–	redhatcve

NVD

Vulners

Node

visualportfolio visual_portfolio,_photo_gallery_&_post_gridRange<2.18.0wordpress

[
  {
    "product": "Visual Portfolio, Photo Gallery & Post Grid",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "2.18.0",
        "status": "affected",
        "version": "2.18.0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/5dc8b671-f2fa-47be-8664-9005c4fdbea8

Parameter	Position	Path	Description	CWE
post_id	query param	/?rest_route=/visual-portfolio/v1/update_layout	Unauthenticated REST endpoint allowing CSS injection into saved layouts via update_layout.	CWE-862
data[vp_custom_css]	query param	/?rest_route=/visual-portfolio/v1/update_layout	Unauthenticated REST endpoint allowing CSS injection into saved layouts via update_layout.	CWE-862