NVD | NVD:CVE-2022-2546
Feb 02, 2023 - 9:15 a.m.

CVE-2022-2546

2023-02-02 09:15:08
web.nvd.nist.gov
Tags: wordpress, plugin, vulnerability, csrf, ajax

CVSS3: 4.7

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score: 5.8
Confidence: High

EPSS: 0.002
Percentile: 56.8%

The All-in-One WP Migration WordPress plugin before 7.63 uses the wrong content type and does not properly escape the response from the ai1wm_export AJAX action, allowing an attacker to craft a request that, when submitted by any visitor, will inject arbitrary HTML or JavaScript into the response, which will be executed in the victim's session. Note: This requires knowledge of a static secret key.

Affected configurations

Nvd
Node: servmask all-in-one_wp_migration, Range <7.63, wordpress

Vendor: servmask
Product: all-in-one_wp_migration
Version: *
CPE: cpe:2.3:a:servmask:all-in-one_wp_migration:*:*:*:*:*:wordpress:*:*
