CVE-2022-2532
Feed Them Social < 3.0.1 - Reflected Cross-Site Scripting
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The Feed Them Social WordPress plugin before 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting
El plugin Feed Them Social de WordPress versiones anteriores a 3.0.1, no sanea y escapa de un parámetro antes de devolverlo a la página, lo que conlleva a un ataque de tipo Cross-Site Scripting Reflejado.
The Feed Them Social plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘access_token’ parameter in the function fts_encrypt_token_ajax in versions up to, and including, 2.9.8.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, subscriber and above, to inject arbitrary web scripts stored in the plugin options.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-07-25 CVE Reserved
- 2022-07-26 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://wpscan.com/vulnerability/07278b12-58e6-4230-b2fb-19237e9785d8 | 2024-08-03 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Slickremix Search vendor "Slickremix" | Feed Them Social Search vendor "Slickremix" for product "Feed Them Social" | < 3.0.1 Search vendor "Slickremix" for product "Feed Them Social" and version " < 3.0.1" | wordpress |
Affected
| ||||||