CVE-2022-0450
Last modified
CVE-2022-0450 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. The Menu Image, Icons made easy WordPress plugin before 3.0.6 does not have authorisation and CSRF checks when saving menu settings, and does not validate, sanitise and escape them. As a result, any authenticate users, such as subscriber can update the settings or arbitrary menu and put Cross-Site Scripting payloads in them which will be triggered in the related menu in the frontend. EPSS estimates a 0.60% chance of exploitation in the next 30 days.
Description
The Menu Image, Icons made easy WordPress plugin before 3.0.6 does not have authorisation and CSRF checks when saving menu settings, and does not validate, sanitise and escape them. As a result, any authenticate users, such as subscriber can update the settings or arbitrary menu and put Cross-Site Scripting payloads in them which will be triggered in the related menu in the frontend
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Freshlightlab | Menu Image\, Icons Made Easy | < 3.0.8 |
References
- https://wpscan.com/vulnerability/612f9273-acc8-4be6-b372-33f1e687f54aExploit, Third Party Advisory
- https://wpscan.com/vulnerability/612f9273-acc8-4be6-b372-33f1e687f54aExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-0450?
How severe is CVE-2022-0450?
How do I fix CVE-2022-0450?
Are you affected by CVE-2022-0450?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST