CVE-2022-4115 Editorial Calendar < 3.8.3 - Contributor+ Stored XSS

2023-06-2713:17:14

WPScan

www.cve.org

wordpress

plugin

cve-2022-4115

contributor+

stored xss

vulnerability

EPSS

0.001

Percentile

25.4%

JSON

The Editorial Calendar WordPress plugin before 3.8.3 does not sanitise and escape its settings, allowing users with roles as low as contributor to inject arbitrary web scripts in the plugin admin panel, enabling a Stored Cross-Site Scripting vulnerability targeting higher privileged users.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Editorial Calendar",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "3.8.3"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

References

wpscan.com/vulnerability/2b5071e1-9532-4a6c-9da4-d07932474ca4

EPSS

0.001

Percentile

25.4%

JSON

Related for CVELIST:CVE-2022-4115