Lucene search
HistoryAug 29, 2022 - 6:15 p.m.
CVE-2022-2537
woocommerce pdf invoices
packing slips
wordpress
plugin
cross-site scripting
cve-2022-2537
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
40.2%
The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 3.0.1 does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to Reflected Cross-Site Scripting.
Affected configurations
Node
wpovernightwoocommerce_pdf_invoices\&_packing_slipsRange2.14.0–3.0.1wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wpovernight | woocommerce_pdf_invoices\&_packing_slips | * | cpe:2.3:a:wpovernight:woocommerce_pdf_invoices\&_packing_slips:*:*:*:*:*:wordpress:*:* |
Related
cvelist
cvelist
prion
prion
Cross site scripting
2022-08-29 18:15:00
patchstack
patchstack
cve
cve
CVE-2022-2537
2022-08-29 18:15:09
openvas
openvas
wpvulndb
wpvulndb
wpexploit
wpexploit
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
40.2%
Related for NVD:CVE-2022-2537