Lucene search

CVE-2022-4697

🗓️ 23 Dec 2022 15:46:11Reported by WordfenceType

The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to 4.5.0 due to insufficient input sanitization and output escaping, allowing authenticated attackers to inject arbitrary web scripts

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 6
Prion	Cross site scripting	23 Dec 202216:15	–	prion
NVD	CVE-2022-4697	23 Dec 202216:15	–	nvd
Vulnrichment	CVE-2022-4697	23 Dec 202215:11	–	vulnrichment
WPVulnDB	ProfilePress < 4.5.1 - Admin+ Stored Cross-Site Scripting	23 Dec 202200:00	–	wpvulndb
CVE	CVE-2022-4697	23 Dec 202216:15	–	cve
OpenVAS	WordPress ProfilePress Plugin < 4.5.1 Multiple Vulnerabilities	5 Feb 202500:00	–	openvas

[
  {
    "vendor": "collizo4sky",
    "product": "Paid Membership, Ecommerce, Registration Form, Login Form, User Profile, Paywall & Restrict Content – ProfilePress",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "4.5.0",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
plugins	www.plugins.trac.wordpress.org/changeset
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/3d54f585-0116-4517-84f1-271e89a05539

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

23 Dec 2022 15:11Current

5.3Medium risk

Vulners AI Score5.3

CVSS35.5

EPSS0.00136