CVE-2022-1027

Exploit

EPSS 0.21%
Veröffentlicht 25.04.2022 16:16:08
Zuletzt bearbeitet 21.11.2024 06:39:53
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

Page Restriction WordPress <= 1.2.6 - Admin+ Stored Cross-Site Scripting

The Page Restriction WordPress (WP) WordPress plugin before 1.2.7 allows bad actors with administrator privileges to the settings page to inject Javascript code to its settings leading to stored Cross-Site Scripting that will only affect administrator users.

Mögliche Gegenmaßnahme

Page and Post Restriction: Update to version 1.2.7, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Page and Post Restriction

Version *-1.2.6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Minioragne ≫ Page Restriction SwPlatformwordpress Version < 1.2.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.21%	0.43

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.8	1.7	2.7	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://wpscan.com/vulnerability/9dbb0d6d-bc84-4b85-8aa5-fa2a8e6fa5e3

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/cd8c07cc-7fdd-4474-8be1-b08d857ae109

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-1027

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-1027

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-1027

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-1027