CVE-2022-1763
Last modified
CVE-2022-1763 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. Due to missing checks the Static Page eXtended WordPress plugin through 2.1 is vulnerable to CSRF attacks which allows changing the plugin settings, including required user levels for specific features. This could also lead to Stored Cross-Site Scripting due to the lack of escaping in some of the settings. EPSS estimates a 0.29% chance of exploitation in the next 30 days.
Description
Due to missing checks the Static Page eXtended WordPress plugin through 2.1 is vulnerable to CSRF attacks which allows changing the plugin settings, including required user levels for specific features. This could also lead to Stored Cross-Site Scripting due to the lack of escaping in some of the settings
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Static Page Extended Project | Static Page Extended | <= 2.1 |
References
- https://wpscan.com/vulnerability/bd3aff73-078a-4e5a-b9e3-1604851c6df8Exploit, Third Party Advisory
- https://wpscan.com/vulnerability/bd3aff73-078a-4e5a-b9e3-1604851c6df8Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-1763?
How severe is CVE-2022-1763?
How do I fix CVE-2022-1763?
Are you affected by CVE-2022-1763?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST