Lucene search
WPScanCVELIST:CVE-2022-3601HistoryNov 28, 2022 - 1:47 p.m.
CVE-2022-3601 Image Hover Effects Css3 <= 4.5 - Admin+ Stored XSS
2022-11-2813:47:06
WPScan
www.cve.org
cve-2022-3601
image hover effects
wordpress plugin
stored xss
admin
sanitisation
cross-site scripting
unfiltered html
multisite
0.001 Low
EPSS
Percentile
24.9%
The Image Hover Effects Css3 WordPress plugin through 4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CNA Affected
[
{
"vendor": "Unknown",
"product": "Image Hover Effects Css3",
"collectionURL": "https://wordpress.org/plugins",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThanOrEqual": "4.5"
}
],
"defaultStatus": "affected"
}
]Related
nvd
nvd
CVE-2022-3601
2022-11-28 14:15:12
patchstack
patchstack
wpvulndb
wpvulndb
Image Hover Effects Css3 <= 4.5 - Admin+ Stored XSS
2022-11-03 00:00:00
cve
cve
CVE-2022-3601
2022-11-28 14:15:12
prion
prion
Cross site scripting
2022-11-28 14:15:00
wpexploit
wpexploit
Image Hover Effects Css3 <= 4.5 - Admin+ Stored XSS
2022-11-03 00:00:00