CVE-2022-2629 Top Bar < 3.0.4 - Admin+ Stored Cross-Site Scripting

2022-10-1000:00:00

CWE-79

WPScan

www.cve.org

cross-site scripting

stored xss

wordpress security

EPSS

0.001

Percentile

24.8%

JSON

The Top Bar WordPress plugin before 3.0.4 does not sanitise and escape some of its settings before outputting them in frontend pages, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Top Bar",
    "versions": [
      {
        "version": "3.0.4",
        "status": "affected",
        "lessThan": "3.0.4",
        "versionType": "custom"
      }
    ]
  }
]

References

wpscan.com/vulnerability/25a0d41f-3b6f-4d18-b4d5-767ac60ee8a8

EPSS

0.001

Percentile

24.8%

JSON

Related for CVELIST:CVE-2022-2629