Lucene search

[email protected]NVD:CVE-2022-2311

HistoryNov 28, 2022 - 2:15 p.m.

CVE-2022-2311

2022-11-2814:15:11

[email protected]

web.nvd.nist.gov

wordpress

cross-site scripting

find and replace

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

40.3%

JSON

The Find and Replace All WordPress plugin before 1.3 does not sanitize and escape some parameters from its setting page before outputting them back to the user, leading to a Reflected Cross-Site Scripting issue.

Affected configurations

NVD

Node

find_and_replace_all_projectfind_and_replace_allRange<1.3wordpress

References

wpscan.com/vulnerability/287a14dc-d1fc-481d-84af-7eb172dc68c9

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

40.3%

JSON

Related for NVD:CVE-2022-2311

cvelist1 cve1 patchstack1 wpexploit1 prion1 wpvulndb1