CVE-2022-1772
Last modified
CVE-2022-1772 is a medium-severity vulnerability rated 4.8/10 on the CVSS scale. The Google Places Reviews WordPress plugin before 2.0.0 does not properly escape its Google API key setting, which is reflected on the site's administration panel. A malicious administrator could abuse this bug, in a multisite WordPress configuration, to trick super-administrators into viewing the booby-trapped payload and taking over their account.. EPSS estimates a 0.69% chance of exploitation in the next 30 days.
Description
The Google Places Reviews WordPress plugin before 2.0.0 does not properly escape its Google API key setting, which is reflected on the site's administration panel. A malicious administrator could abuse this bug, in a multisite WordPress configuration, to trick super-administrators into viewing the booby-trapped payload and taking over their account.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Google Places Reviews Project | Google Places Reviews | < 2.0.0 |
References
- https://wpscan.com/vulnerability/02addade-d191-4e45-b7b5-2f3f673679abExploit, Third Party Advisory
- https://wpscan.com/vulnerability/02addade-d191-4e45-b7b5-2f3f673679abExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-1772?
How severe is CVE-2022-1772?
How do I fix CVE-2022-1772?
Are you affected by CVE-2022-1772?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST