Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistWPScanCVELIST:CVE-2022-3919
HistoryDec 12, 2022 - 5:54 p.m.

CVE-2022-3919 Jetpack CRM < 5.4.3 - Admin+ Cross-Site Scripting

2022-12-1217:54:41
WPScan
www.cve.org
4
cve-2022-3919
jetpack crm
cross-site scripting
wordpress plugin
unfiltered html

EPSS

0.001

Percentile

25.0%

JSON

The Jetpack CRM WordPress plugin before 5.4.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Jetpack CRM",
    "collectionURL": "https://wordpress.org/plugins",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "5.4.3"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Related

prion 1
wpvulndb 1
cve 1
nvd 1
wpexploit 1
nessus 1
prion
prion
Cross site scripting
2022-12-12 18:15:00
wpvulndb
wpvulndb
Jetpack CRM < 5.4.3 - Admin+ Cross-Site Scripting
2022-11-21 00:00:00
cve
cve
CVE-2022-3919
2022-12-12 18:15:11
nvd
nvd
CVE-2022-3919
2022-12-12 18:15:11
wpexploit
wpexploit
Jetpack CRM < 5.4.3 - Admin+ Cross-Site Scripting
2022-11-21 00:00:00
nessus
nessus
Debian DLA-3173-1 : linux-5.10 - LTS security update
2022-11-02 00:00:00

EPSS

0.001

Percentile

25.0%

JSON
Related for CVELIST:CVE-2022-3919
prion1wpvulndb1cve1nvd1wpexploit1nessus1