4.8
CVE-2022-3823
- EPSS 0.46%
- Veröffentlicht 28.11.2022 14:15:14
- Zuletzt bearbeitet 25.04.2025 15:15:31
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginBeautiful Cookie Consent Banner < 2.9.1 - Admin+ Stored XSS
Beautiful Cookie Consent Banner <= 2.9.0 - Authenticated (Admin+) Stored Cross-Site Scripting
The Beautiful Cookie Consent Banner WordPress plugin before 2.9.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Mögliche Gegenmaßnahme
Beautiful Cookie Consent Banner: Update to version 2.9.1, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Beautiful-cookie-banner ≫ Beautiful Cookie Consent Banner SwPlatformwordpress Version < 2.9.1
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Beautiful Cookie Consent Banner
Version
*-2.9.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.46% | 0.362 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.8 | 1.7 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4.8 | 1.7 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
|
https://wpscan.com/vulnerability/a072b091-5e5f-4e88-bd3d-2f4582e6564e
https://wpscan.com/vulnerability/a072b091-5e5f-4e88-bd3d-2f4582e6564e/
https://www.wordfence.com/threat-intel/vulnerabilities/id/dd1b6b89-6c3c-4956-aa99-798ce186eb97