Lucene search
WPScanCVE-2022-3137HistoryOct 10, 2022 - 9:15 p.m.
CVE-2022-3137
2022-10-1021:15:11
CWE-79
WPScan
web.nvd.nist.gov
33
5
taskbuilder
wordpress plugin
cve-2022-3137
stored cross-site scripting
security vulnerability
nvd
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
24.8%
The Taskbuilder WordPress plugin before 1.0.8 does not validate and sanitise task’s attachments, which could allow any authenticated user (such as subscriber) creating a task to perform Stored Cross-Site Scripting by attaching a malicious SVG file
Affected configurations
Node
taskbuildertaskbuilderRange<1.0.8wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| taskbuilder | taskbuilder | * | cpe:2.3:a:taskbuilder:taskbuilder:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "Taskbuilder – WordPress Project & Task Management plugin",
"versions": [
{
"version": "1.0.8",
"status": "affected",
"lessThan": "1.0.8",
"versionType": "custom"
}
]
}
]Social References
More
Related
wpvulndb
wpvulndb
TaskBuilder < 1.0.8 - Subscriber+ Stored XSS via SVG file upload
2022-09-15 00:00:00
cvelist
cvelist
patchstack
patchstack
cnvd
cnvd
WordPress Taskbuilder Cross-Site Scripting Vulnerability
2022-10-12 00:00:00
wpexploit
wpexploit
TaskBuilder < 1.0.8 - Subscriber+ Stored XSS via SVG file upload
2022-09-15 00:00:00
nvd
nvd
CVE-2022-3137
2022-10-10 21:15:11
prion
prion
Cross site scripting
2022-10-10 21:15:00
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
24.8%
Related for CVE-2022-3137