Lucene search

[email protected]CVE-2022-41640

HistoryMay 09, 2023 - 10:15 a.m.

CVE-2022-41640

2023-05-0910:15:10

CWE-79

[email protected]

web.nvd.nist.gov

cve-2022-41640

authentication

stored xss

rymera web co wholesale suite

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

0.0005 Low

EPSS

Percentile

17.7%

JSON

Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Rymera Web Co Wholesale Suite plugin <= 2.1.5 versions.

Affected configurations

Vulners

NVD

Node

rymera_web_cowholesale_suiteRange≤2.1.5

CPENameOperatorVersion
rymera:wholesale_suiterymera wholesale suitelt2.1.5.1

CPE	Name	Operator	Version
rymera:wholesale_suite	rymera wholesale suite	lt	2.1.5.1

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "woocommerce-wholesale-prices",
    "product": "Wholesale Suite",
    "vendor": "Rymera Web Co",
    "versions": [
      {
        "changes": [
          {
            "at": "2.1.5.1",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.1.5",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/woocommerce-wholesale-prices/wordpress-wholesale-suite-plugin-2-1-5-authenticated-cross-site-scripting-xss-vulnerability?_s_id=cve