Lucene search
HistoryJan 16, 2024 - 4:15 p.m.
CVE-2022-1617
cve-2022-1617
csrf
xss
wordpress
plugin
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
17.0%
The WP-Invoice WordPress plugin through 4.3.1 does not have CSRF check in place when updating its settings, and is lacking sanitisation as well as escaping in some of them, allowing attacker to make a logged in admin change them and add XSS payload in them
Affected configurations
Node
usabilitydynamicswp-invoiceRange≤4.3.1wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| usabilitydynamics | wp-invoice | * | cpe:2.3:a:usabilitydynamics:wp-invoice:*:*:*:*:*:wordpress:*:* |
Related
prion
prion
Cross site request forgery (csrf)
2024-01-16 16:15:00
wpexploit
wpexploit
WP-Invoice <= 4.3.1 - Stored Cross-Site Scripting via CSRF
2022-04-25 00:00:00
cve
cve
CVE-2022-1617
2024-01-16 16:15:09
wpvulndb
wpvulndb
WP-Invoice <= 4.3.1 - Stored Cross-Site Scripting via CSRF
2022-04-25 00:00:00
cvelist
cvelist
CVE-2022-1617 WP-Invoice <= 4.3.1 - Stored Cross-Site Scripting via CSRF
2024-01-16 15:52:49
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
17.0%
Related for NVD:CVE-2022-1617