Lucene search
HistoryJan 16, 2023 - 4:15 p.m.
CVE-2022-3904
monsterinsights
wordpress
plugin
vulnerability
web script injection
unauthenticated attacker
google analytics
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
46.1%
The MonsterInsights WordPress plugin before 8.9.1 does not sanitize or escape page titles in the top posts/pages section, allowing an unauthenticated attacker to inject arbitrary web scripts into the titles by spoofing requests to google analytics.
Affected configurations
Node
monsterinsightsmonsterinsightsRange<8.9.1wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| monsterinsights | monsterinsights | * | cpe:2.3:a:monsterinsights:monsterinsights:*:*:*:*:*:wordpress:*:* |
Related
prion
prion
Code injection
2023-01-16 16:15:00
wpexploit
wpexploit
MonsterInsights < 8.9.1 - Stored Cross-Site Scripting via Google Analytics
2022-12-23 00:00:00
githubexploit
githubexploit
Exploit for Cross-site Scripting in Monsterinsights
2023-07-12 09:51:32
openvas
openvas
wpvulndb
wpvulndb
MonsterInsights < 8.9.1 - Stored Cross-Site Scripting via Google Analytics
2022-12-23 00:00:00
cve
cve
CVE-2022-3904
2023-01-16 16:15:10
cvelist
cvelist
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
46.1%
Related for NVD:CVE-2022-3904