CVE-2022-47173

2023-03-2316:15:11

CWE-79

[email protected]

web.nvd.nist.gov

cve-2022-47173

xss

vulnerability

nasirahmed

contact form 7

woocommerce

google sheets

advanced form integration

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

0.001 Low

EPSS

Percentile

21.1%

JSON

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nasirahmed Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration plugin <= 1.62.0 versions.

Affected configurations

Vulners

NVD

Node

nasirahmedconnect_contact_form_7\,_woocommerce_to_google_sheets_\&_other_platforms_–_advanced_form_integrationRange≤1.62.0

CPENameOperatorVersion
advancedformintegration:advanced_form_integrationadvancedformintegration advanced form integrationlt1.63.0

CPE	Name	Operator	Version
advancedformintegration:advanced_form_integration	advancedformintegration advanced form integration	lt	1.63.0

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "advanced-form-integration",
    "product": "Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration",
    "vendor": "nasirahmed",
    "versions": [
      {
        "changes": [
          {
            "at": "1.63.0",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.62.0",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/advanced-form-integration/wordpress-connect-contact-form-7-woocommerce-to-google-sheets-other-platforms-advanced-form-integration-plugin-1-62-0-cross-site-scripting-xss?_s_id=cve