Lucene search

PatchstackCVE-2022-26375

HistoryOct 17, 2022 - 6:15 p.m.

CVE-2022-26375

2022-10-1718:15:12

CWE-79

Patchstack

web.nvd.nist.gov

cve-2022-26375

authentication

admin+

stored xss

mammothology ab press optimizer

wordpress

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

22.7%

JSON

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mammothology AB Press Optimizer plugin <= 1.1.1 on WordPress.

Affected configurations

Nvd

Vulners

Node

abpressoptimizerab_press_optimizerRange≤1.1.1wordpress

VendorProductVersionCPE
abpressoptimizerab_press_optimizer*cpe:2.3:a:abpressoptimizer:ab_press_optimizer:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
abpressoptimizer	ab_press_optimizer	*	cpe:2.3:a:abpressoptimizer:ab_press_optimizer::::::wordpress::*

CNA Affected

[
  {
    "vendor": "Mammothology",
    "product": "AB Press Optimizer (WordPress plugin)",
    "versions": [
      {
        "version": "<= 1.1.1",
        "status": "affected",
        "lessThanOrEqual": "1.1.1",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/ab-press-optimizer-lite/wordpress-ab-press-optimizer-plugin-1-1-1-auth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve

wordpress.org/plugins/ab-press-optimizer-lite/

Social References