Search criteria
3 vulnerabilities found for advanced_wordpress_reset by sigmaplugin
FKIE_CVE-2022-2181
Vulnerability from fkie_nvd - Published: 2022-08-01 13:15 - Updated: 2024-11-21 07:00
Severity ?
Summary
The Advanced WordPress Reset WordPress plugin before 1.6 does not escape some generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting
References
| URL | Tags | ||
|---|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/68ddf343-6e69-44a7-bd33-72004053d41e | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/68ddf343-6e69-44a7-bd33-72004053d41e | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sigmaplugin | advanced_wordpress_reset | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sigmaplugin:advanced_wordpress_reset:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "AC16EED7-600C-415A-9555-A79C521C8690",
"versionEndExcluding": "1.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Advanced WordPress Reset WordPress plugin before 1.6 does not escape some generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting"
},
{
"lang": "es",
"value": "El plugin Advanced WordPress Reset de WordPress versiones anteriores a 1.6, no escapa a algunas URLs generadas antes de devolverlas en los atributos href de las p\u00e1ginas del panel de control del administrador, conllevando a un ataque de tipo Cross-Site Scripting Reflejado"
}
],
"id": "CVE-2022-2181",
"lastModified": "2024-11-21T07:00:29.480",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-01T13:15:10.567",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/68ddf343-6e69-44a7-bd33-72004053d41e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/68ddf343-6e69-44a7-bd33-72004053d41e"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "contact@wpscan.com",
"type": "Secondary"
}
]
}
CVE-2022-2181 (GCVE-0-2022-2181)
Vulnerability from cvelistv5 – Published: 2022-08-01 12:49 – Updated: 2024-08-03 00:32
VLAI?
Title
Advanced WordPress Reset < 1.6 - Reflected Cross-Site Scripting
Summary
The Advanced WordPress Reset WordPress plugin before 1.6 does not escape some generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Advanced WordPress Reset |
Affected:
1.6 , < 1.6
(custom)
|
Credits
ZhongFu Su(JrXnm) of WuHan University
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:08.747Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/68ddf343-6e69-44a7-bd33-72004053d41e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advanced WordPress Reset",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.6",
"status": "affected",
"version": "1.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ZhongFu Su(JrXnm) of WuHan University"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Advanced WordPress Reset WordPress plugin before 1.6 does not escape some generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-01T12:49:46",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/68ddf343-6e69-44a7-bd33-72004053d41e"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Advanced WordPress Reset \u003c 1.6 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-2181",
"STATE": "PUBLIC",
"TITLE": "Advanced WordPress Reset \u003c 1.6 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advanced WordPress Reset",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.6",
"version_value": "1.6"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "ZhongFu Su(JrXnm) of WuHan University"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Advanced WordPress Reset WordPress plugin before 1.6 does not escape some generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/68ddf343-6e69-44a7-bd33-72004053d41e",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/68ddf343-6e69-44a7-bd33-72004053d41e"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2181",
"datePublished": "2022-08-01T12:49:47",
"dateReserved": "2022-06-22T00:00:00",
"dateUpdated": "2024-08-03T00:32:08.747Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2181 (GCVE-0-2022-2181)
Vulnerability from nvd – Published: 2022-08-01 12:49 – Updated: 2024-08-03 00:32
VLAI?
Title
Advanced WordPress Reset < 1.6 - Reflected Cross-Site Scripting
Summary
The Advanced WordPress Reset WordPress plugin before 1.6 does not escape some generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Advanced WordPress Reset |
Affected:
1.6 , < 1.6
(custom)
|
Credits
ZhongFu Su(JrXnm) of WuHan University
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:08.747Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/68ddf343-6e69-44a7-bd33-72004053d41e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advanced WordPress Reset",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.6",
"status": "affected",
"version": "1.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ZhongFu Su(JrXnm) of WuHan University"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Advanced WordPress Reset WordPress plugin before 1.6 does not escape some generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-01T12:49:46",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/68ddf343-6e69-44a7-bd33-72004053d41e"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Advanced WordPress Reset \u003c 1.6 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-2181",
"STATE": "PUBLIC",
"TITLE": "Advanced WordPress Reset \u003c 1.6 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advanced WordPress Reset",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.6",
"version_value": "1.6"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "ZhongFu Su(JrXnm) of WuHan University"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Advanced WordPress Reset WordPress plugin before 1.6 does not escape some generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/68ddf343-6e69-44a7-bd33-72004053d41e",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/68ddf343-6e69-44a7-bd33-72004053d41e"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2181",
"datePublished": "2022-08-01T12:49:47",
"dateReserved": "2022-06-22T00:00:00",
"dateUpdated": "2024-08-03T00:32:08.747Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}