Lucene search
HistoryNov 28, 2022 - 2:15 p.m.
CVE-2022-3847
wordpress plugin
csrf attack
stored xss
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
30.3%
The Showing URL in QR Code WordPress plugin through 0.0.1 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin or editor add Stored XSS payloads via a CSRF attack
Affected configurations
Node
showing_url_in_qr_code_projectshowing_url_in_qr_codeMatch0.0.1wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| showing_url_in_qr_code_project | showing_url_in_qr_code | 0.0.1 | cpe:2.3:a:showing_url_in_qr_code_project:showing_url_in_qr_code:0.0.1:*:*:*:*:wordpress:*:* |
Related
prion
prion
Cross site request forgery (csrf)
2022-11-28 14:15:00
cve
cve
CVE-2022-3847
2022-11-28 14:15:17
wpvulndb
wpvulndb
Showing URL in QR Code <= 0.0.1 - Stored XSS via CSRF
2022-11-03 00:00:00
wpexploit
wpexploit
Showing URL in QR Code <= 0.0.1 - Stored XSS via CSRF
2022-11-03 00:00:00
cnvd
cnvd
WordPress Showing URL in QR Code plugin cross-site scripting vulnerability
2022-11-30 00:00:00
cvelist
cvelist
CVE-2022-3847 Showing URL in QR Code <= 0.0.1 - Stored XSS via CSRF
2022-11-28 13:50:08
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
30.3%
Related for NVD:CVE-2022-3847