6.1
CVE-2022-2654
- EPSS 0.49%
- Veröffentlicht 16.09.2022 09:15:10
- Zuletzt bearbeitet 05.06.2025 19:15:23
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginClassima < 2.1.11 - Reflected Cross-Site Scripting
Classima < 2.1.11 - Reflected Cross-Site Scripting
The Classima WordPress theme before 2.1.11 and some of its required plugins (Classified Listing before 2.2.14, Classified Listing Pro before 2.0.20, Classified Listing Store & Membership before 1.4.20 and Classima Core before 1.10) do not escape a parameter before outputting it back in attributes, leading to Reflected Cross-Site Scripting
Mögliche Gegenmaßnahme
Classified Core: Update to version 1.10, or a newer patched version
Classified Listing – AI-Powered Classified ads & Business Directory: Update to version 2.2.14, or a newer patched version
Classified Listing Pro - Classified ads & Business Directory Plugin: Update to version 2.0.20, or a newer patched version
Classified Listing Store: Update to version 1.4.20, or a newer patched version
Classima: Update to version 2.1.11, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Radiustheme ≫ Classified Listing SwPlatformwordpress Version < 2.0.20
Radiustheme ≫ Classified Listing SwPlatformwordpress Version < 2.2.14
Radiustheme ≫ Classima SwPlatformwordpress Version < 2.1.11
Radiustheme ≫ Classima Core SwPlatformwordpress Version < 1.10
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Classified Core
Version
[*, 1.10)
SystemWordPress Plugin
≫
Produkt
Classified Listing – AI-Powered Classified ads & Business Directory
Version
[*, 2.2.14)
SystemWordPress Plugin
≫
Produkt
Classified Listing Pro - Classified ads & Business Directory Plugin
Version
[*, 2.0.20)
SystemWordPress Plugin
≫
Produkt
Classified Listing Store
Version
[*, 1.4.20)
SystemWordPress Theme
≫
Produkt
Classima
Version
[*, 2.1.11)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.49% | 0.38 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
https://wpscan.com/vulnerability/845f44ca-f572-48d7-a19a-89cace0b8993
https://www.wordfence.com/threat-intel/vulnerabilities/id/4cfee2e2-3486-4be8-954f-6d7f9b6d54ec