CVE-2022-46864

2023-05-0913:15:16

CWE-79

[email protected]

web.nvd.nist.gov

cve-2022-46864

unauthenticated

reflected xss

umair saleem

woocommerce

custom checkout fields editor

drag & drop plugin

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

0.0005 Low

EPSS

Percentile

18.4%

JSON

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Umair Saleem Woocommerce Custom Checkout Fields Editor With Drag & Drop plugin <= 0.1 versions.

Affected configurations

Vulners

NVD

Node

umair_saleemwoocommerce_custom_checkout_fields_editor_with_drag_\&_dropRange≤0.1

CPENameOperatorVersion
woocommerce_custom_checkout_fields_editor_with_drag_\&_drop_project:woocommerce_custom_checkout_fields_editor_with_drag_\&_dropwoocommerce custom checkout fields editor with drag & drop project woocommerce custom checkout fields editor with drag & drople0.1

CPE	Name	Operator	Version
woocommerce_custom_checkout_fields_editor_with_drag_\&_drop_project:woocommerce_custom_checkout_fields_editor_with_drag_\&_drop	woocommerce custom checkout fields editor with drag & drop project woocommerce custom checkout fields editor with drag & drop	le	0.1

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "woo-custom-checkout-fields",
    "product": "Woocommerce Custom Checkout Fields Editor With Drag & Drop",
    "vendor": "Umair Saleem",
    "versions": [
      {
        "lessThanOrEqual": "0.1",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/woo-custom-checkout-fields/wordpress-woocommerce-custom-checkout-fields-editor-with-drag-drop-plugin-0-1-cross-site-scripting-xss?_s_id=cve