cvelist / Patchstack / CVELIST:CVE-2022-29430
History: May 20, 2022 - 8:44 p.m.

CVE-2022-29430 WordPress PNG to JPG plugin <= 4.0 - Cross-Site Request Forgery (CSRF) leading to Persistent Cross-Site Scripting (XSS) vulnerability

2022-05-20 20:44:52
CWE-352
CWE-79
Patchstack
www.cve.org
4
wordpress
png to jpg plugin
csrf
persistent xss
vulnerability

CVSS3: 4.7

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

EPSS: 0.001
Percentile: 20.8%

Cross-Site Scripting (XSS) vulnerability in KubiQ’s PNG to JPG plugin <= 4.0 at WordPress via Cross-Site Request Forgery (CSRF). Vulnerable parameter &jpg_quality.

CNA Affected

[
  {
    "product": "PNG to JPG (WordPress plugin)",
    "vendor": "KubiQ",
    "versions": [
      {
        "lessThanOrEqual": "4.0",
        "status": "affected",
        "version": "<= 4.0",
        "versionType": "custom"
      }
    ]
  }
]
