CVE-2022-38971

2023-03-1609:15:09

CWE-79

[email protected]

web.nvd.nist.gov

cve-2022-38971

stored xss

themekraft

post form

registration form

profile form

user profiles

content forms

user submissions

nvd

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

21.1%

JSON

Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post Form – Registration Form – Profile Form for User Profiles and Content Forms for User Submissions plugin <= 2.7.5 versions.

Affected configurations

Vulners

NVD

Node

themekraftpost_form_registration_form_profile_form_for_user_profiles_and_content_formsRange≤2.7.5

VendorProductVersionCPE
themekraftpost_form_registration_form_profile_form_for_user_profiles_and_content_forms*cpe:2.3:a:themekraft:post_form_registration_form_profile_form_for_user_profiles_and_content_forms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
themekraft	post_form_registration_form_profile_form_for_user_profiles_and_content_forms	*	cpe:2.3:a:themekraft:post_form_registration_form_profile_form_for_user_profiles_and_content_forms::::::::

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "buddyforms",
    "product": "Post Form – Registration Form – Profile Form for User Profiles and Content Forms for User Submissions",
    "vendor": "ThemeKraft",
    "versions": [
      {
        "changes": [
          {
            "at": "2.7.6",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.7.5",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]