CVE-2022-4207

Published: Dic 13, 2022 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2022-51567 Aliases: GSD-2022-4207
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 5,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: high
User Interaction: none
Scope: changed
Confidentiality: low
Integrity: low
Availability: none

Description

AI Translation Available

The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several values that can be added to an Image Hover in versions 9.8.1 to 9.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin makes the plugin's features available to lower privileged users through the 'Who Can Edit?' setting then this can be exploited by those users.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0027
Percentile
0,5th
Updated

EPSS Score Trend (Last 91 Days)

Application

Image Hover Effects Ultimate by Oxilab

Product Information
Vendor Oxilab
Product Image Hover Effects Ultimate
Version Range Affected
From 9.8.1 (inclusive)
To 9.8.4 (inclusive)
cpe:2.3:a:oxilab:image_hover_effects_ultimate:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/MrOxizen/image-hover-effects-ultimate/co…
Patch Third Party Advisory
https://github.com/MrOxizen/image-hover-effects-ultimate/commit/4ba784e1a2a0cf0…
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfp…
Third Party Advisory
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&ol…
https://www.wordfence.com/threat-intel/vulnerabilities/id/f…
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/f00cdef3-d733-4e85-80…
https://github.com/MrOxizen/image-hover-effects-ultimate/co…
Patch Third Party Advisory
https://github.com/MrOxizen/image-hover-effects-ultimate/commit/4ba784e1a2a0cf0…
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfp…
Third Party Advisory
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&ol…
https://www.wordfence.com/threat-intel/vulnerabilities/id/f…
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/f00cdef3-d733-4e85-80…