ID

VAR-202209-1169


CVE

CVE-2022-2575


TITLE

Cross-site scripting vulnerability in woobewoo's WBW Currency Switcher for WooCommerce plugin for WordPress

Trust: 0.8

sources: JVNDB: JVNDB-2022-018475

DESCRIPTION

The WBW Currency Switcher for WooCommerce WordPress plugin before 1.6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). A cross-site scripting vulnerability exists in woobewoo's WBW Currency Switcher for WooCommerce plugin for WordPress. Information may be obtained and information may be tampered with.

Trust: 1.8

sources: NVD: CVE-2022-2575 // JVNDB: JVNDB-2022-018475 // VULHUB: VHN-430396 // VULMON: CVE-2022-2575

AFFECTED PRODUCTS

vendor: woobewoo, model: wbw currency switcher for woocommerce, scope: lt, version: 1.6.6

Trust: 1.0

vendor: woobewoo, model: wbw currency switcher for woocommerce, scope: eq, version: -

Trust: 0.8

vendor: woobewoo, model: wbw currency switcher for woocommerce, scope: eq, version: 1.6.6

Trust: 0.8

vendor: woobewoo, model: wbw currency switcher for woocommerce, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-018475 // NVD: CVE-2022-2575

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-2575
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-2575
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202209-1218
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-2575
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.7
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: CVE-2022-2575
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-018475 // CNNVD: CNNVD-202209-1218 // NVD: CVE-2022-2575

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.1

problemtype: Cross-site scripting (CWE-79) [ others ]

Trust: 0.8

sources: VULHUB: VHN-430396 // JVNDB: JVNDB-2022-018475 // NVD: CVE-2022-2575

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202209-1218

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202209-1218

PATCH

title: WordPress plugin WBW Currency Switcher for WooCommerce Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=208445

Trust: 0.6

sources: CNNVD: CNNVD-202209-1218

EXTERNAL IDS

db: NVD, id: CVE-2022-2575

Trust: 3.4

db: JVNDB, id: JVNDB-2022-018475

Trust: 0.8

db: CNNVD, id: CNNVD-202209-1218

Trust: 0.6

db: VULHUB, id: VHN-430396

Trust: 0.1

db: VULMON, id: CVE-2022-2575

Trust: 0.1

sources: VULHUB: VHN-430396 // VULMON: CVE-2022-2575 // JVNDB: JVNDB-2022-018475 // CNNVD: CNNVD-202209-1218 // NVD: CVE-2022-2575

REFERENCES

url: https://wpscan.com/vulnerability/e934af78-9dfd-4e14-853d-dc453de6e365

Trust: 2.6

url: https://nvd.nist.gov/vuln/detail/cve-2022-2575

Trust: 0.8

url: https://cxsecurity.com/cveshow/cve-2022-2575/

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-430396 // VULMON: CVE-2022-2575 // JVNDB: JVNDB-2022-018475 // CNNVD: CNNVD-202209-1218 // NVD: CVE-2022-2575

SOURCES

db: VULHUB, id: VHN-430396
db: VULMON, id: CVE-2022-2575
db: JVNDB, id: JVNDB-2022-018475
db: CNNVD, id: CNNVD-202209-1218
db: NVD, id: CVE-2022-2575

LAST UPDATE DATE

2024-08-14T14:43:42.848000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-430396, date: 2022-09-20T00:00:00
db: VULMON, id: CVE-2022-2575, date: 2022-09-16T00:00:00
db: JVNDB, id: JVNDB-2022-018475, date: 2023-10-20T02:55:00
db: CNNVD, id: CNNVD-202209-1218, date: 2022-09-21T00:00:00
db: NVD, id: CVE-2022-2575, date: 2022-09-20T15:23:57.317

SOURCES RELEASE DATE

db: VULHUB, id: VHN-430396, date: 2022-09-16T00:00:00
db: VULMON, id: CVE-2022-2575, date: 2022-09-16T00:00:00
db: JVNDB, id: JVNDB-2022-018475, date: 2023-10-20T00:00:00
db: CNNVD, id: CNNVD-202209-1218, date: 2022-09-16T00:00:00
db: NVD, id: CVE-2022-2575, date: 2022-09-16T09:15:10.603