CVE-2022-1418
Social Stickers <= 2.2.9 - Stored Cross-Site Scripting via CSRF
Severity Score
6.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Social Stickers WordPress plugin through 2.2.9 does not have CSRF checks in place when updating its Social Network settings, and does not escape some of these fields, which could allow attackers to make a logged-in admin change them and lead to Stored Cross-Site Scripting issues.
El plugin Social Stickers de WordPress versiones hasta 2.2.9, no dispone de comprobaciones de tipo CSRF cuando actualiza la configuración de sus redes sociales y no escapa de algunos de estos campos, lo que podrÃa permitir a atacantes hacer que un administrador conectado los cambie y conllevar a problemas de tipo Cross-Site Scripting Almacenado
*Credits:
Vinay Varma Mudunuri, Krishna Harsha Kondaveeti
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-04-20 CVE Reserved
- 2022-04-20 CVE Published
- 2023-12-07 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://wpscan.com/vulnerability/3851e61e-f462-4259-af0a-8d832809d559 | 2024-08-03 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Pluginmirror Search vendor "Pluginmirror" | Social Stickers Search vendor "Pluginmirror" for product "Social Stickers" | <= 2.2.9 Search vendor "Pluginmirror" for product "Social Stickers" and version " <= 2.2.9" | wordpress |
Affected
| ||||||