CVE-2022-2271 WP Database Backup < 5.9 - Admin+ Stored Cross-Site Scripting

2022-09-0512:35:18

CWE-79

WPScan

www.cve.org

cve-2022-2271

admin

cross-site scripting

wordpress

stored cross-site scripting

settings

high privilege users

unfiltered html

multisite setup

0.001 Low

EPSS

Percentile

22.9%

JSON

The WP Database Backup WordPress plugin before 5.9 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)

CNA Affected

[
  {
    "product": "WP Database Backup",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "5.9",
        "status": "affected",
        "version": "5.9",
        "versionType": "custom"
      }
    ]
  }
]

References

wpscan.com/vulnerability/b064940f-9614-4b7b-b2c4-e79528746833

0.001 Low

EPSS

Percentile

22.9%

JSON

Related for CVELIST:CVE-2022-2271