Lucene search
HistorySep 05, 2022 - 1:15 p.m.
CVE-2022-2565
cve-2022-2565
wordpress plugin
cross-site scripting
nvd
security vulnerability
unauthenticated attackers
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
45.9%
The Simple Payment Donations & Subscriptions WordPress plugin before 4.2.1 does not sanitise and escape user input given in its forms, which could allow unauthenticated attackers to perform Cross-Site Scripting attacks against admins
Affected configurations
Node
simple-membership-pluginsimple_membershipRange<4.2.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| simple\-membership\-plugin | simple_membership | * | cpe:2.3:a:simple\-membership\-plugin:simple_membership:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "Simple Payment Donations & Subscriptions Plugin by Paymattic – Best Payments Plugin for WP",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.2.1",
"status": "affected",
"version": "4.2.1",
"versionType": "custom"
}
]
}
]Social References
More
Related
prion
prion
Cross site scripting
2022-09-05 13:15:00
wpvulndb
wpvulndb
cvelist
cvelist
patchstack
patchstack
wpexploit
wpexploit
nvd
nvd
CVE-2022-2565
2022-09-05 13:15:08
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
45.9%
Related for CVE-2022-2565