Lucene search

PatchstackCVELIST:CVE-2022-38971

HistoryMar 16, 2023 - 8:49 a.m.

CVE-2022-38971 WordPress BuddyForms Plugin <= 2.7.5 is vulnerable to Cross Site Scripting (XSS)

2023-03-1608:49:16

CWE-79

Patchstack

www.cve.org

wordpress

buddyforms

plugin

cross site scripting

xss

themekraft

post form

registration form

profile form

user profiles

content forms

user submissions

vulnerability

stored

CVSS3

4.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

EPSS

0.001

Percentile

21.0%

JSON

Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post Form – Registration Form – Profile Form for User Profiles and Content Forms for User Submissions plugin <= 2.7.5 versions.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "buddyforms",
    "product": "Post Form – Registration Form – Profile Form for User Profiles and Content Forms for User Submissions",
    "vendor": "ThemeKraft",
    "versions": [
      {
        "changes": [
          {
            "at": "2.7.6",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.7.5",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/buddyforms/wordpress-buddyforms-plugin-2-7-2-auth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve

CVSS3

4.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

EPSS

0.001

Percentile

21.0%

JSON

Related for CVELIST:CVE-2022-38971