CVE-2022-47145

2023-03-2317:15:13

CWE-79

[email protected]

web.nvd.nist.gov

cve-2022-47145

reflected cross-site scripting

xss vulnerability

blockonomics

wordpress bitcoin payments

nvd

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

0.001 Low

EPSS

Percentile

27.3%

JSON

Reflected Cross-Site Scripting (XSS) vulnerability in Blockonomics WordPress Bitcoin Payments – Blockonomics plugin <= 3.5.7 versions.

Affected configurations

Vulners

NVD

Node

blockonomicsblockonomicsRange≤3.5.7

VendorProductVersionCPE
blockonomicsblockonomics*cpe:2.3:a:blockonomics:blockonomics:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
blockonomics	blockonomics	*	cpe:2.3:a:blockonomics:blockonomics::::::::

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "blockonomics-bitcoin-payments",
    "product": "WordPress Bitcoin Payments – Blockonomics",
    "vendor": "Blockonomics",
    "versions": [
      {
        "changes": [
          {
            "at": "3.5.8",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.5.7",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/blockonomics-bitcoin-payments/wordpress-wordpress-bitcoin-payments-blockonomics-plugin-3-5-7-cross-site-scripting-xss?_s_id=cve