Lucene search

K

PatchstackCVELIST:CVE-2022-41990

HistoryJan 17, 2024 - 4:18 p.m.

CVE-2022-41990 WordPress 3D Tag Cloud Plugin <= 3.8 is vulnerable to Cross Site Request Forgery (CSRF)

2024-01-1716:18:58

CWE-352

Patchstack

www.cve.org

wordpress

tag cloud

cross site request forgery

stored xss

vulnerability

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.3%

Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza 3D Tag Cloud allows Stored XSS.This issue affects 3D Tag Cloud: from n/a through 3.8.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "cardoza-3d-tag-cloud",
    "product": "3D Tag Cloud",
    "vendor": "Vinoj Cardoza",
    "versions": [
      {
        "lessThanOrEqual": "3.8",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/cardoza-3d-tag-cloud/wordpress-3d-tag-cloud-plugin-3-8-stored-cross-site-scripting-xss-via-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.3%

Related for CVELIST:CVE-2022-41990

prion1 wpvulndb1 cve1 nvd1 patchstack1 wordfence1