Lucene search
WPScanCVE-2022-2537HistoryAug 29, 2022 - 6:15 p.m.
CVE-2022-2537
2022-08-2918:15:09
CWE-79
WPScan
web.nvd.nist.gov
90
4
woocommerce
pdf
invoices
packing slips
wordpress
plugin
vulnerability
xss
nvd
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
40.2%
The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 3.0.1 does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to Reflected Cross-Site Scripting.
Affected configurations
Node
wpovernightwoocommerce_pdf_invoices\&_packing_slipsRange2.14.0–3.0.1wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wpovernight | woocommerce_pdf_invoices\&_packing_slips | * | cpe:2.3:a:wpovernight:woocommerce_pdf_invoices\&_packing_slips:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"product": "WooCommerce PDF Invoices & Packing Slips",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.14.0*",
"status": "affected",
"version": "2.14.0",
"versionType": "custom"
},
{
"lessThan": "3.0.1",
"status": "affected",
"version": "3.0.1",
"versionType": "custom"
}
]
}
]Social References
More
Related
cvelist
cvelist
prion
prion
Cross site scripting
2022-08-29 18:15:00
patchstack
patchstack
nvd
nvd
CVE-2022-2537
2022-08-29 18:15:09
openvas
openvas
wpvulndb
wpvulndb
wpexploit
wpexploit
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
40.2%
Related for CVE-2022-2537