Lucene search
Raad Haddad of Cloudyrion GmbHWPEX-ID:5BE611E8-5B7A-4579-9757-45A4C94A53CAHistoryAug 01, 2022 - 12:00 a.m.
WP phpMyAdmin < 5.2.0.4 - Admin+ Stored Cross-Site Scripting
2022-08-0100:00:00
Raad Haddad of Cloudyrion GmbH
97
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
24.7%
The plugin does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)
Put the following payload in the "phpMyAdmin on hosting" settings (/wp-admin/admin.php?page=wp-phpmyadmin-extension) of the plugin: "autofocus onfocus=alert(/XSS/)//Related
wpvulndb
wpvulndb
WP phpMyAdmin < 5.2.0.4 - Admin+ Stored Cross-Site Scripting
2022-08-01 00:00:00
cvelist
cvelist
CVE-2022-2407 WP phpMyAdmin < 5.2.0.4 - Admin+ Stored Cross-Site Scripting
2022-08-22 15:03:08
patchstack
patchstack
cve
cve
CVE-2022-2407
2022-08-22 15:15:15
prion
prion
Cross site scripting
2022-08-22 15:15:00
nvd
nvd
CVE-2022-2407
2022-08-22 15:15:15
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
24.7%
Related for WPEX-ID:5BE611E8-5B7A-4579-9757-45A4C94A53CA