Lucene search

PatchstackCVELIST:CVE-2022-47173

HistoryMar 23, 2023 - 3:57 p.m.

CVE-2022-47173 WordPress Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration Plugin <= 1.62.0 is vulnerable to Cross Site Scripting (XSS)

2023-03-2315:57:29

CWE-79

Patchstack

www.cve.org

cve-2022-47173

cross site scripting

authenticated

stored xss

vulnerable plugin

advanced form integration

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

EPSS

0.001

Percentile

21.0%

JSON

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nasirahmed Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration plugin <= 1.62.0 versions.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "advanced-form-integration",
    "product": "Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration",
    "vendor": "nasirahmed",
    "versions": [
      {
        "changes": [
          {
            "at": "1.63.0",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.62.0",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/advanced-form-integration/wordpress-connect-contact-form-7-woocommerce-to-google-sheets-other-platforms-advanced-form-integration-plugin-1-62-0-cross-site-scripting-xss?_s_id=cve