Lucene search
HistoryAug 08, 2022 - 2:15 p.m.
CVE-2022-2391
wordpress plugin
javascript injection
portfolio slider
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
24.8%
The Inspiro PRO WordPress plugin does not sanitize the portfolio slider description, allowing users with privileges as low as Contributor to inject JavaScript into the description.
Affected configurations
Node
wpzoominspiro_proRange<7.2.3wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wpzoom | inspiro_pro | * | cpe:2.3:a:wpzoom:inspiro_pro:*:*:*:*:*:wordpress:*:* |
Related
wpvulndb
wpvulndb
Inspiro Premium < 7.2.3 - Contributor+ Stored Cross-Site Scripting
2022-07-18 00:00:00
patchstack
patchstack
cve
cve
CVE-2022-2391
2022-08-08 14:15:09
wpexploit
wpexploit
Inspiro Premium < 7.2.3 - Contributor+ Stored Cross-Site Scripting
2022-07-18 00:00:00
prion
prion
Information disclosure
2022-08-08 14:15:00
cvelist
cvelist
CVE-2022-2391 Inspiro Pro < 7.2.3 - Contributor+ Stored Cross-Site Scripting
2022-08-08 13:48:28
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
24.8%
Related for NVD:CVE-2022-2391