CVE-2022-2311

Sažetak

The Find and Replace All WordPress plugin before 1.3 does not sanitize and escape some parameters from its setting page before outputting them back to the user, leading to a Reflected Cross-Site Scripting issue.

Reference

https://wpscan.com/vulnerability/287a14dc-d1fc-481d-84af-7eb172dc68c9
https://wpscan.com/vulnerability/287a14dc-d1fc-481d-84af-7eb172dc68c9

CVSS

Base:	6.1
Impact:	2.7
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Zadnje važnije ažuriranje

23-04-2025 - 17:15

Objavljeno

28-11-2022 - 14:15