Lucene search

[email protected]NVD:CVE-2022-2599

HistoryAug 29, 2022 - 6:15 p.m.

CVE-2022-2599

2022-08-2918:15:09

CWE-79

[email protected]

web.nvd.nist.gov

anti-malware security

wordpress plugin

reflected cross-site scripting

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

43.6%

JSON

The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.21.83 does not sanitise and escape some parameters before outputting them back in an admin dashboard, leading to Reflected Cross-Site Scripting

Affected configurations

NVD

Node

anti-malware_security_and_brute-force_firewall_projectanti-malware_security_and_brute-force_firewallRange<4.21.83wordpress

References

wpscan.com/vulnerability/276a7fc5-3d0d-446d-92cf-20060aecd0ef

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

43.6%

JSON

Related for NVD:CVE-2022-2599

openvas1 patchstack1 wpvulndb1 nuclei1 prion1 wpexploit1 cvelist1 cve1