Lucene search

[email protected]CVE-2022-33943

HistoryJul 27, 2022 - 5:15 p.m.

CVE-2022-33943

2022-07-2717:15:08

CWE-79

[email protected]

web.nvd.nist.gov

cve-2022-33943

authenticated

xss

nico amarilla

bxslider wp plugin

wordpress

nvd

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

19.4%

JSON

Authenticated (contributor or higher user role) Cross-Site Scripting (XSS) vulnerability in Nico Amarilla’s BxSlider WP plugin <= 2.0.0 at WordPress.

Affected configurations

Vulners

NVD

Node

nico_amarillabxslider_wp_\(wordpress_plugin\)Range≤2.0.0

CPENameOperatorVersion
bxslider_wp_project:bxslider_wpbxslider wp project bxslider wple2.0.0

CPE	Name	Operator	Version
bxslider_wp_project:bxslider_wp	bxslider wp project bxslider wp	le	2.0.0

CNA Affected

[
  {
    "product": "BxSlider WP (WordPress plugin)",
    "vendor": "Nico Amarilla",
    "versions": [
      {
        "lessThanOrEqual": "2.0.0",
        "status": "affected",
        "version": "<= 2.0.0",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/bxslider-wp/wordpress-bxslider-wp-plugin-2-0-0-authenticated-cross-site-scripting-xss-vulnerability

wordpress.org/plugins/bxslider-wp/#developers

Social References