CVE-2022-1028

WordPress Security < 4.2.1 - Admin+ Stored Cross-Site Scripting

EPSS 0.5%CWE-79

Vexday Risk Score

3Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS —EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

27 jun 2022Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

The WordPress Security Firewall, Malware Scanner, Secure Login and Backup plugin before 4.2.1 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup)

Productos afectados

Unknown · WordPress Security – Firewall, Malware Scanner, Secure Login and Backup

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://wpscan.com/vulnerability/16fc08ec-8476-4f3c-93ea-6a51ed880dd5