4.8
CVE-2022-3832
- EPSS 0.21%
- Published 19.12.2022 14:15:10
- Last modified 17.04.2025 15:15:46
- Source contact@wpscan.com
External Media <= 1.0.35 - Authenticated (Administrator+) Stored Cross-Site Scripting
The External Media WordPress plugin before 1.0.36 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Possible mitigation
External Media: Update to version 1.0.36, or a newer patched version
Further vulnerability information

System: WordPress Plugin ≫ Product: External Media, Version: *-1.0.35

Data provided by the National Vulnerability Database (NVD)

External Media Project ≫ External Media (SwPlatform: wordpress), Version < 1.0.36

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.43 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.8 | 1.7 | 2.7 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4.8 | 1.7 | 2.7 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |