CVE-2022-2171 (GCVE-0-2022-2171)

Vulnerability from cvelistv5 – Published: 2022-08-01 12:49 – Updated: 2024-08-03 00:32
VLAI?
Title
Progressive License <= 1.1.0 - CSRF to Stored XSS
Summary
The Progressive License WordPress plugin through 1.1.0 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the settings, this could lead to Stored XSS issue which will be triggered in the frontend as well.
Severity ?
No CVSS data available.
CWE
  • CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
Vendor Product Version
Unknown Progressive License Affected: 1.1.0 , ≤ 1.1.0 (custom)
Create a notification for this product.
Credits
Daniel Ruf
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:32:07.973Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/11937296-7ecf-4b94-b274-06f7990dbede"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Progressive License",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThanOrEqual": "1.1.0",
              "status": "affected",
              "version": "1.1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Daniel Ruf"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Progressive License WordPress plugin through 1.1.0 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the settings, this could lead to Stored XSS issue which will be triggered in the frontend as well."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-01T12:49:33",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpscan.com/vulnerability/11937296-7ecf-4b94-b274-06f7990dbede"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Progressive License \u003c= 1.1.0 - CSRF to Stored XSS",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2022-2171",
          "STATE": "PUBLIC",
          "TITLE": "Progressive License \u003c= 1.1.0 - CSRF to Stored XSS"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Progressive License",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "1.1.0",
                            "version_value": "1.1.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Unknown"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Daniel Ruf"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Progressive License WordPress plugin through 1.1.0 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the settings, this could lead to Stored XSS issue which will be triggered in the frontend as well."
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/11937296-7ecf-4b94-b274-06f7990dbede",
              "refsource": "MISC",
              "url": "https://wpscan.com/vulnerability/11937296-7ecf-4b94-b274-06f7990dbede"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2022-2171",
    "datePublished": "2022-08-01T12:49:33",
    "dateReserved": "2022-06-22T00:00:00",
    "dateUpdated": "2024-08-03T00:32:07.973Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:crowdfavorite:progressive_license:*:*:*:*:*:wordpress:*:*\", \"versionEndIncluding\": \"1.1.0\", \"matchCriteriaId\": \"A7286275-18BF-40B4-959F-2243ADFCB56B\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Progressive License WordPress plugin through 1.1.0 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the settings, this could lead to Stored XSS issue which will be triggered in the frontend as well.\"}, {\"lang\": \"es\", \"value\": \"El plugin Progressive License de WordPress versiones hasta 1.1.0 carece de cualquier comprobaci\\u00f3n de tipo CSRF cuando guarda sus ajustes, lo que podr\\u00eda permitir a atacantes hacer que un administrador conectado los cambie. Adem\\u00e1s, como el plugin permite insertar HTML arbitrario en una de las configuraciones, esto podr\\u00eda conllevar a un problema de tipo XSS almacenado que ser\\u00eda desencadenado tambi\\u00e9n en el frontend\"}]",
      "id": "CVE-2022-2171",
      "lastModified": "2024-11-21T07:00:28.247",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 2.7}]}",
      "published": "2022-08-01T13:15:10.513",
      "references": "[{\"url\": \"https://wpscan.com/vulnerability/11937296-7ecf-4b94-b274-06f7990dbede\", \"source\": \"contact@wpscan.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://wpscan.com/vulnerability/11937296-7ecf-4b94-b274-06f7990dbede\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "contact@wpscan.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"contact@wpscan.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-352\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-2171\",\"sourceIdentifier\":\"contact@wpscan.com\",\"published\":\"2022-08-01T13:15:10.513\",\"lastModified\":\"2024-11-21T07:00:28.247\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Progressive License WordPress plugin through 1.1.0 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the settings, this could lead to Stored XSS issue which will be triggered in the frontend as well.\"},{\"lang\":\"es\",\"value\":\"El plugin Progressive License de WordPress versiones hasta 1.1.0 carece de cualquier comprobaci\u00f3n de tipo CSRF cuando guarda sus ajustes, lo que podr\u00eda permitir a atacantes hacer que un administrador conectado los cambie. Adem\u00e1s, como el plugin permite insertar HTML arbitrario en una de las configuraciones, esto podr\u00eda conllevar a un problema de tipo XSS almacenado que ser\u00eda desencadenado tambi\u00e9n en el frontend\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"contact@wpscan.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:crowdfavorite:progressive_license:*:*:*:*:*:wordpress:*:*\",\"versionEndIncluding\":\"1.1.0\",\"matchCriteriaId\":\"A7286275-18BF-40B4-959F-2243ADFCB56B\"}]}]}],\"references\":[{\"url\":\"https://wpscan.com/vulnerability/11937296-7ecf-4b94-b274-06f7990dbede\",\"source\":\"contact@wpscan.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://wpscan.com/vulnerability/11937296-7ecf-4b94-b274-06f7990dbede\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.