Lucene search
HistoryOct 31, 2022 - 4:15 p.m.
CVE-2022-3237
cve-2022-3237
wp contact slider
wordpress plugin
cross-site scripting
security vulnerability
admin privileges
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
24.8%
The WP Contact Slider WordPress plugin before 2.4.8 does not sanitize and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Affected configurations
Node
ljappswp_review_sliderRange<2.4.8
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ljapps | wp_review_slider | * | cpe:2.3:a:ljapps:wp_review_slider:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "WP Contact Slider",
"versions": [
{
"version": "2.4.8",
"status": "affected",
"lessThan": "2.4.8",
"versionType": "custom"
}
]
}
]Social References
More
Related
patchstack
patchstack
prion
prion
Cross site scripting
2022-10-31 16:15:00
wpvulndb
wpvulndb
WP Contact Slider < 2.4.8 - Admin+ Stored Cross-Site Scripting
2022-10-10 00:00:00
cvelist
cvelist
CVE-2022-3237 WP Contact Slider < 2.4.8 - Admin+ Stored Cross-Site Scripting
2022-10-31 00:00:00
nvd
nvd
CVE-2022-3237
2022-10-31 16:15:10
wpexploit
wpexploit
WP Contact Slider < 2.4.8 - Admin+ Stored Cross-Site Scripting
2022-10-10 00:00:00
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
24.8%
Related for CVE-2022-3237