Lucene search

K
cveWPScanCVE-2022-2574
HistoryOct 17, 2022 - 12:15 p.m.

CVE-2022-2574

2022-10-1712:15:09
CWE-79
WPScan
web.nvd.nist.gov
37
2
meks easy social share
wordpress plugin
cve-2022-2574
stored cross-site scripting
xss
security vulnerability
nvd

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

24.8%

The Meks Easy Social Share WordPress plugin before 1.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Affected configurations

Nvd
Vulners
Node
mekshqmeks_easy_social_shareRange<1.2.8wordpress
VendorProductVersionCPE
mekshqmeks_easy_social_share*cpe:2.3:a:mekshq:meks_easy_social_share:*:*:*:*:*:wordpress:*:*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Meks Easy Social Share",
    "versions": [
      {
        "version": "1.2.8",
        "status": "affected",
        "lessThan": "1.2.8",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

24.8%