CVE-2022-4307

CVSS V2 None CVSS V3 None
Description
The ?????? ?????? ?????? WordPress plugin before 2.9.3 does not sanitise and escape some parameters, allowing unauthenticated attackers to send a request with XSS payloads, which will be triggered when a high privilege users such as admin visits a page from the plugin.
Overview
  • CVE ID
  • CVE-2022-4307
  • Assigner
  • contact@wpscan.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-01-23T15:15:14
  • Last Modified Date
  • 2023-01-30T15:32:28
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:wp-master:pardakht-delkhah:*:*:*:*:*:wordpress:*:* 1 OR 2.9.3
History
Created Old Value New Value Data Type Notes
2023-01-23 16:14:43 Added to TrackCVE
2023-01-23 16:14:44 Weakness Enumeration new
2023-01-23 19:14:13 2023-01-23T17:17:06 CVE Modified Date updated
2023-01-23 19:14:13 Received Awaiting Analysis Vulnerability Status updated
2023-01-25 03:16:17 2023-01-25T02:02:00 CVE Modified Date updated
2023-01-30 15:14:19 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-01-30 17:14:49 2023-01-30T15:32:28 CVE Modified Date updated
2023-01-30 17:14:49 Undergoing Analysis Analyzed Vulnerability Status updated
2023-01-30 17:14:51 CPE Information updated