Lucene search

WPScanCVE-2022-3484

HistoryNov 14, 2022 - 3:15 p.m.

CVE-2022-3484

2022-11-1415:15:49

CWE-79

WPScan

web.nvd.nist.gov

wpb show

core

wordpress

plugin

reflected

xss

vulnerability

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

43.5%

JSON

The WPB Show Core WordPress plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.

Affected configurations

Nvd

Vulners

Node

wpb_show_core_projectwpb_show_coreMatch-wordpress

VendorProductVersionCPE
wpb_show_core_projectwpb_show_core-cpe:2.3:a:wpb_show_core_project:wpb_show_core:-:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
wpb_show_core_project	wpb_show_core	-	cpe:2.3:a:wpb_show_core_project:wpb_show_core:-:::::wordpress::

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "wpb-show-core",
    "versions": [
      {
        "version": "TODO",
        "status": "affected",
        "lessThanOrEqual": "TODO",
        "versionType": "custom"
      }
    ]
  }
]

References

wpscan.com/vulnerability/3afaed61-6187-4915-acf0-16e79d5c2464

Social References

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

43.5%

JSON

Related for CVE-2022-3484