CVE-2022-42460

2022-11-1022:15:15

CWE-264

CWE-79

[email protected]

web.nvd.nist.gov

cve

2022

42460

broken access control

stored cross-site scripting

xss

traffic manager plugin

wordpress

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

0.001 Low

EPSS

Percentile

19.6%

JSON

Broken Access Control vulnerability leading to Stored Cross-Site Scripting (XSS) in Traffic Manager plugin <= 1.4.5 on WordPress.

Affected configurations

Vulners

NVD

Node

sedlextraffic_managerRange≤1.4.5

VendorProductVersionCPE
sedlextraffic_manager*cpe:2.3:a:sedlex:traffic_manager:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sedlex	traffic_manager	*	cpe:2.3:a:sedlex:traffic_manager::::::::

CNA Affected

[
  {
    "vendor": "SedLex",
    "product": "Traffic Manager (WordPress plugin)",
    "versions": [
      {
        "version": "<= 1.4.5",
        "status": "affected",
        "lessThanOrEqual": "1.4.5",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/traffic-manager/wordpress-traffic-manager-plugin-1-4-5-broken-access-control-vulnerability-leading-to-stored-cross-site-scripting-xss?_s_id=cve

wordpress.org/plugins/traffic-manager/