CVE-2022-1566
Last modified
CVE-2022-1566 is a medium-severity vulnerability rated 4.8/10 on the CVSS scale. The Quotes llama WordPress plugin before 1.0.0 does not sanitise and escape Quotes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. The attack could also be performed by tricking an admin to import a malicious CSV file. EPSS estimates a 0.64% chance of exploitation in the next 30 days.
Description
The Quotes llama WordPress plugin before 1.0.0 does not sanitise and escape Quotes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. The attack could also be performed by tricking an admin to import a malicious CSV file
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Quotes Llama Project | Quotes Llama | < 1.0.0 |
References
- https://wpscan.com/vulnerability/0af030d8-b676-4826-91c0-98706b816f3cExploit, Third Party Advisory
- https://wpscan.com/vulnerability/0af030d8-b676-4826-91c0-98706b816f3cExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-1566?
How severe is CVE-2022-1566?
How do I fix CVE-2022-1566?
Are you affected by CVE-2022-1566?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST