Lucene search

[email protected]NVD:CVE-2022-1564

HistoryMay 30, 2022 - 9:15 a.m.

CVE-2022-1564

2022-05-3009:15:09

CWE-79

[email protected]

web.nvd.nist.gov

form maker

wordpress

xss

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

24.8%

JSON

The Form Maker by 10Web WordPress plugin before 1.14.12 does not sanitize and escape the Custom Text settings, which could allow high privilege user such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

Affected configurations

Nvd

Node

10webform_makerRange≤1.14.12wordpress

VendorProductVersionCPE
10webform_maker*cpe:2.3:a:10web:form_maker:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
10web	form_maker	*	cpe:2.3:a:10web:form_maker::::::wordpress::*

References

wpscan.com/vulnerability/a487c7e7-667c-4c92-a427-c43cc13b348d

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

24.8%

JSON

Related for NVD:CVE-2022-1564

patchstack1 cvelist1 prion1 cve1 wpvulndb1 wpexploit1