CVE-2022-44576

2022-11-0222:15:17

CWE-79

[email protected]

web.nvd.nist.gov

cve-2022-44576

authentication

admin+

stored xss

cross-site scripting

agenteasy properties plugin

wordpress

nvd

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

19.5%

JSON

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in AgentEasy Properties plugin <= 1.0.4 on WordPress.

Affected configurations

Vulners

NVD

Node

agenteasyagenteasy_properties_\(wordpress_plugin\)Range≤1.0.4

CPENameOperatorVersion
agenteasy_properties_project:agenteasy_propertiesagenteasy properties project agenteasy propertiesle1.0.4

CPE	Name	Operator	Version
agenteasy_properties_project:agenteasy_properties	agenteasy properties project agenteasy properties	le	1.0.4

CNA Affected

[
  {
    "vendor": "AgentEasy",
    "product": "AgentEasy Properties (WordPress plugin)",
    "versions": [
      {
        "version": "<= 1.0.4",
        "status": "affected",
        "lessThanOrEqual": "1.0.4",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/agenteasy-properties/wordpress-agenteasy-properties-plugin-1-0-4-auth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve

wordpress.org/plugins/agenteasy-properties/