CVE-2022-0818

Coupon Affiliates < 4.16.4.5 - Unauthenticated Stored XSS

EPSS 0.9%CWE-79

Vexday Risk Score

3Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS —EPSS 0.9%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

28 mar 2022Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

The WooCommerce Affiliate Plugin WordPress plugin before 4.16.4.5 does not have authorization and CSRF checks on a specific action handler, as well as does not sanitize its settings, which enables an unauthenticated attacker to inject malicious XSS payloads into the settings page of the plugin.

Produtos afetados

Unknown · WooCommerce Affiliate Plugin – Coupon Affiliates

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://wpscan.com/vulnerability/c43fabb4-b388-462c-adc4-c6b25af7043b