Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
3 vulnerabilities by rockcontent
CVE-2022-36428 (GCVE-0-2022-36428)
Vulnerability from cvelistv5 – Published: 2022-11-03 19:22 – Updated: 2025-02-20 19:57
VLAI?
Title
WordPress Rock Convert plugin <= 2.11.0 - Auth. Cross-Site Scripting (XSS) vulnerability
Summary
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Stage Rock Convert plugin <= 2.11.0 on WordPress.
Severity ?
4.8 (Medium)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Stage | Rock Convert (WordPress plugin) |
Affected:
<= 2.11.0 , ≤ 2.11.0
(custom)
|
Date Public ?
2022-10-13 00:00
Credits
Vulnerability discovered by Mika (Patchstack Alliance)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:07:34.353Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/rock-convert/wordpress-rock-convert-plugin-2-11-0-auth-cross-site-scripting-xss-vulnerability?_s_id=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://wordpress.org/plugins/rock-convert/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-36428",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-20T19:22:10.353509Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T19:57:11.031Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Rock Convert (WordPress plugin)",
"vendor": "Stage",
"versions": [
{
"lessThanOrEqual": "2.11.0",
"status": "affected",
"version": "\u003c= 2.11.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vulnerability discovered by Mika (Patchstack Alliance)"
}
],
"datePublic": "2022-10-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Stage Rock Convert plugin \u003c= 2.11.0 on WordPress."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-03T00:00:00.000Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"url": "https://patchstack.com/database/vulnerability/rock-convert/wordpress-rock-convert-plugin-2-11-0-auth-cross-site-scripting-xss-vulnerability?_s_id=cve"
},
{
"url": "https://wordpress.org/plugins/rock-convert/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to 3.0.0 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Rock Convert plugin \u003c= 2.11.0 - Auth. Cross-Site Scripting (XSS) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2022-36428",
"datePublished": "2022-11-03T19:22:18.187Z",
"dateReserved": "2022-08-09T00:00:00.000Z",
"dateUpdated": "2025-02-20T19:57:11.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3440 (GCVE-0-2022-3440)
Vulnerability from cvelistv5 – Published: 2022-10-31 00:00 – Updated: 2025-05-06 20:09
VLAI?
Title
Rock Convert < 2.6.0 - Reflected Cross-Site Scripting
Summary
The Rock Convert WordPress plugin before 2.11.0 does not sanitise and escape an URL before outputting it back in an attribute when a specific widget is present on a page, leading to a Reflected Cross-Site Scripting
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Cross-Site Scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Rock Convert |
Affected:
2.11.0 , < 2.11.0
(custom)
|
Credits
José Ricardo
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:07:06.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/e39fcf30-1e69-4399-854c-4c5b6ccc22a2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-3440",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-06T20:08:43.632280Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T20:09:09.143Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Rock Convert",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.11.0",
"status": "affected",
"version": "2.11.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jos\u00e9 Ricardo"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Rock Convert WordPress plugin before 2.11.0 does not sanitise and escape an URL before outputting it back in an attribute when a specific widget is present on a page, leading to a Reflected Cross-Site Scripting"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-31T00:00:00.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"url": "https://wpscan.com/vulnerability/e39fcf30-1e69-4399-854c-4c5b6ccc22a2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Rock Convert \u003c 2.6.0 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator"
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-3440",
"datePublished": "2022-10-31T00:00:00.000Z",
"dateReserved": "2022-10-10T00:00:00.000Z",
"dateUpdated": "2025-05-06T20:09:09.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3441 (GCVE-0-2022-3441)
Vulnerability from cvelistv5 – Published: 2022-10-31 00:00 – Updated: 2025-05-06 20:06
VLAI?
Title
Rock Convert < 2.11.0 - Admin+ Stored Cross-Site Scripting
Summary
The Rock Convert WordPress plugin before 2.11.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Severity ?
4.8 (Medium)
CWE
- CWE-79 - Cross-Site Scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Rock Convert |
Affected:
2.11.0 , < 2.11.0
(custom)
|
Credits
José Ricardo
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:07:06.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/7b51b1f0-17ca-46b7-ada1-20bd926f3023"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-3441",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-06T20:05:40.429568Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T20:06:09.088Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Rock Convert",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.11.0",
"status": "affected",
"version": "2.11.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jos\u00e9 Ricardo"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Rock Convert WordPress plugin before 2.11.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-31T00:00:00.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"url": "https://wpscan.com/vulnerability/7b51b1f0-17ca-46b7-ada1-20bd926f3023"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Rock Convert \u003c 2.11.0 - Admin+ Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator"
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-3441",
"datePublished": "2022-10-31T00:00:00.000Z",
"dateReserved": "2022-10-10T00:00:00.000Z",
"dateUpdated": "2025-05-06T20:06:09.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}