CVE-2022-2775

🗓️ 05 Sep 2022 12:35:23Reported by WPScanType

cve🔗 web.nvd.nist.gov📰️ 5 Media mentions👁 57 Views🌐 WEB

The Fast Flow WordPress plugin before 1.2.13 allows stored cross-site scripting via unsanitized Widget settings

Reporter	Title	Published	Views	Family All 12
ATTACKERKB	CVE-2022-2775	5 Sep 202213:15	–	attackerkb
Circl	CVE-2022-2775	5 Sep 202216:12	–	circl
CNNVD	WordPress plugin Fast Flow 跨站脚本漏洞	5 Sep 202200:00	–	cnnvd
Cvelist	CVE-2022-2775 Fast Flow < 1.2.13 - Admin+ Stored Cross-Site Scripting	5 Sep 202212:35	–	cvelist
EUVD	EUVD-2022-35017	3 Oct 202520:07	–	euvd
NVD	CVE-2022-2775	5 Sep 202213:15	–	nvd
Patchstack	WordPress Fast Flow Plugin <= 1.2.12 - Authenticated Stored Cross-Site Scripting	31 Jul 202200:00	–	patchstack
Prion	Cross site scripting	5 Sep 202213:15	–	prion
Positive Technologies	PT-2022-18573 · WordPress · Fast Flow Wordpress Plugin	5 Sep 202200:00	–	ptsecurity
RedhatCVE	CVE-2022-2775	22 May 202522:38	–	redhatcve

NVD

Vulners

Node

fastflow fastflowRange<1.2.13wordpress

[
  {
    "product": "Fast Flow",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "1.2.13",
        "status": "affected",
        "version": "1.2.13",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/7101ce04-670e-4ce0-9f60-e00494ff379d

Parameter	Position	Path	Description	CWE
Title	path	/wp-admin/admin.php?page=fast-flow	Stored Cross-Site Scripting via widget settings in Fast Flow WordPress plugin (payload in HTML widget Title/Description).	CWE-79
Description	path	/wp-admin/admin.php?page=fast-flow	Stored Cross-Site Scripting via widget settings in Fast Flow WordPress plugin (payload in HTML widget Title/Description).	CWE-79

21 Nov 2024 07:01Current

5Medium risk

Vulners AI Score5

CVSS 3.15.5

EPSS0.00438

CWE-79