Lucene search
WPScanCVE-2022-4325HistoryJan 09, 2023 - 11:15 p.m.
CVE-2022-4325
2023-01-0923:15:27
WPScan
web.nvd.nist.gov
39
cve-2022-4325
post status notifier lite
wordpress
plugin
xss
nvd
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
43.9%
The Post Status Notifier Lite WordPress plugin before 1.10.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which can be used against high privilege users such as admin.
Affected configurations
Node
ifeelwebpost_status_notifier_liteRange<1.10.1wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ifeelweb | post_status_notifier_lite | * | cpe:2.3:a:ifeelweb:post_status_notifier_lite:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "Post Status Notifier Lite",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "1.10.1"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
wpvulndb
wpvulndb
Post Status Notifier Lite < 1.10.1 - Reflected XSS
2022-12-15 00:00:00
nuclei
nuclei
WordPress Post Status Notifier Lite <1.10.1 - Cross-Site Scripting
2023-03-18 22:07:09
wpexploit
wpexploit
Post Status Notifier Lite < 1.10.1 - Reflected XSS
2022-12-15 00:00:00
nvd
nvd
CVE-2022-4325
2023-01-09 23:15:27
cvelist
cvelist
CVE-2022-4325 Post Status Notifier Lite < 1.10.1 - Reflected XSS
2023-01-09 22:13:46
prion
prion
Cross site scripting
2023-01-09 23:15:00
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
43.9%
Related for CVE-2022-4325