Lucene search
WPScanCVE-2022-3194HistoryJan 16, 2024 - 4:15 p.m.
CVE-2022-3194
2024-01-1616:15:09
CWE-79
WPScan
web.nvd.nist.gov
24
dokan
wordpress
plugin
cve-2022-3194
security vulnerability
xss
nvd
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
5.2
Confidence
High
EPSS
0
Percentile
14.0%
The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbitrary javascript in product reviews, which may allow them to run stored XSS attacks against other users like site administrators.
Affected configurations
Node
wedevsdokanRange<3.6.4wordpress
CNA Affected
[
{
"vendor": "Unknown",
"product": "Dokan",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThan": "3.6.4"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
nvd
nvd
CVE-2022-3194
2024-01-16 16:15:09
wpexploit
wpexploit
Dokan < 3.6.4 - Vendor Stored Cross-Site Scripting
2022-06-02 00:00:00
wpvulndb
wpvulndb
Dokan < 3.6.4 - Vendor Stored Cross-Site Scripting
2022-06-02 00:00:00
cvelist
cvelist
CVE-2022-3194 Dokan < 3.6.4 - Vendor Stored Cross-Site Scripting
2024-01-16 15:53:36
prion
prion
Cross site scripting
2024-01-16 16:15:00
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
5.2
Confidence
High
EPSS
0
Percentile
14.0%
Related for CVE-2022-3194