6.1
CVE-2022-0150
- EPSS 1.72%
- Veröffentlicht 28.02.2022 09:15:08
- Zuletzt bearbeitet 21.11.2024 06:38:00
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginWP Accessibility Helper (WAH) < 0.6.0.7 - Reflected Cross-Site Scripting (XSS)
WP Accessibility Helper <= 0.6.0.6 - Reflected Cross-Site Scripting via wahi
The WP Accessibility Helper (WAH) WordPress plugin before 0.6.0.7 does not sanitise and escape the wahi parameter before outputting back its base64 decode value in the page, leading to a Reflected Cross-Site Scripting issue
Mögliche Gegenmaßnahme
WP Accessibility Helper (WAH): Update to version 0.6.0.7, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wp Accessibility Helper Project ≫ Wp Accessibility Helper SwPlatformwordpress Version < 0.6.0.7
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
WP Accessibility Helper (WAH)
Version
[*, 0.6.0.7)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.72% | 0.745 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
https://plugins.trac.wordpress.org/changeset/2661008
https://wpscan.com/vulnerability/7142a538-7c3d-4dd0-bd2c-cbd2efaf53c5
https://www.wordfence.com/threat-intel/vulnerabilities/id/261b5905-9194-40d3-99cb-1c7a832218dc