CVE-2022-40191

2022-09-0915:15:15

CWE-79

[email protected]

web.nvd.nist.gov

cve-2022-40191

authenticated

stored xss

cross-site scripting

ali khallad

contact form

mega forms

wordpress

nvd

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

22.7%

JSON

Authenticated (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Ali Khallad’s Contact Form By Mega Forms plugin <= 1.2.4 at WordPress.

Affected configurations

Vulners

NVD

Node

ali_khalladcontact_form_by_mega_forms_\(wordpress_plugin\)Range≤1.2.4

CPENameOperatorVersion
contact_form_by_mega_forms_project:contact_form_by_mega_formscontact form by mega forms project contact form by mega formsle1.2.4

CPE	Name	Operator	Version
contact_form_by_mega_forms_project:contact_form_by_mega_forms	contact form by mega forms project contact form by mega forms	le	1.2.4

CNA Affected

[
  {
    "product": "Contact Form By Mega Forms (WordPress plugin)",
    "vendor": "Ali Khallad",
    "versions": [
      {
        "lessThanOrEqual": "1.2.4",
        "status": "affected",
        "version": "<= 1.2.4",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/mega-forms/wordpress-contact-form-by-mega-forms-plugin-1-2-4-authenticated-stored-cross-site-scripting-xss-vulnerability/_s_id=cve

wordpress.org/plugins/mega-forms/#developers