CVE-2022-3408

Sažetak

The WP Word Count WordPress plugin through 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

Reference

https://wpscan.com/vulnerability/395bc893-2067-4f76-b49f-9ed8e1e8f330
https://wpscan.com/vulnerability/395bc893-2067-4f76-b49f-9ed8e1e8f330

CVSS

Base:	4.8
Impact:	2.7
Exploitability:	1.7

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	HIGH

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Zadnje važnije ažuriranje

06-05-2025 - 21:15

Objavljeno

31-10-2022 - 16:15