daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Auto Generated CVE annotations [Thu Dec 1 07:37:05 UTC 2022] 🤖

patch-1
GitHub Action 2022-12-01 07:37:05 +00:00
parent 8cc6518080
commit da8f1ef179
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
cves/2022/CVE-2022-3506.yaml
View File

@ -8,9 +8,16 @@ info:
The Related Posts for WordPress plugin is vulnerable to stored XSS, specifically in the rp4wp[heading_text] parameter because the user input is not properly sanitized, allowing the insertion of JavaScript code that can exploit the vulnerability.
reference:
- https://huntr.dev/bounties/08251542-88f6-4264-9074-a89984034828/
- https://huntr.dev/bounties/08251542-88f6-4264-9074-a89984034828
- https://github.com/barrykooij/related-posts-for-wp/commit/37733398dd88863fc0bdb3d6d378598429fd0b81
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cve-id: CVE-2022-3506
cwe-id: CWE-79
metadata:
verified: true
tags: cve,cve2022,wordpress,wp,wp-plugin,xss,relatedposts,authenticated
verified: "true"
tags: wordpress,wp,wp-plugin,relatedposts,cve,cve2022,xss,authenticated,huntr
requests:
- raw: