Lucene search
Ngo Van Thien (Alliance project)PATCHSTACK:FEF24CA70A1C1F4C77E99BFFDDC4FC14HistorySep 01, 2022 - 12:00 a.m.
WordPress Word Search Puzzles game plugin <= 2.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
2022-09-0100:00:00
Ngo Van Thien (Alliance project)
patchstack.com
10
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien (Patchstack Alliance) in WordPress Word Search Puzzles game plugin (versions <= 2.0.1).
Solution
Deactivate and delete. No reply from the vendor.
| CPE | Name | Operator | Version |
|---|---|---|---|
| word search puzzles game | le | 2.0.1 |
Related
cvelist
cvelist
wpvulndb
wpvulndb
Word Search Puzzles Game <= 2.0.1 - Author+ Stored Cross-Site Scripting
2022-09-01 00:00:00
prion
prion
Cross site scripting
2022-09-09 15:15:00
cve
cve
CVE-2022-37335
2022-09-09 15:15:00
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Related for PATCHSTACK:FEF24CA70A1C1F4C77E99BFFDDC4FC14