Lucene search

K
cvePatchstackCVE-2022-37335
HistorySep 09, 2022 - 3:15 p.m.

CVE-2022-37335

2022-09-0915:15:13
CWE-79
Patchstack
web.nvd.nist.gov
45
3
cve-2022-37335
authenticated
stored
xss
cross-site scripting
nvd
wordpress
plugin

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

22.7%

Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in WHA’s Word Search Puzzles game plugin <= 2.0.1 at WordPress.

Affected configurations

Nvd
Vulners
Node
webhelpagencyword_search_puzzlesRange2.0.1wordpress
VendorProductVersionCPE
webhelpagencyword_search_puzzlescpe:/a:webhelpagency:word_search_puzzles::::

CNA Affected

[
  {
    "product": "Word Search Puzzles game (WordPress plugin)",
    "vendor": "WHA",
    "versions": [
      {
        "lessThanOrEqual": "2.0.1",
        "status": "affected",
        "version": "<= 2.0.1",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

22.7%

Related for CVE-2022-37335