CVE-2022-4905

A vulnerability was found in UDX Stateless Media Plugin 3.1.1. It has been declared as problematic. This vulnerability affects the function setup_wizard_interface of the file lib/classes/class-settings.php. The manipulation of the argument settings leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 3.2.0 is able to address this issue. The name of the patch is 6aee7ae0b0beeb2232ce6e1c82aa7e2041ae151a. It is recommended to upgrade the affected component. VDB-220750 is the identifier assigned to this vulnerability.

CVSS v3.0 6.1 MEDIUM

6.1^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/udx/wp-stateless/commit/6aee7ae0b0beeb2232ce6e1c82aa7e2041ae151a	Patch
https://github.com/udx/wp-stateless/pull/630	Release Notes
https://vuldb.com/?id.220750	Third Party Advisory
https://github.com/udx/wp-stateless/releases/tag/3.2.0	Release Notes
https://vuldb.com/?ctiid.220750	Permissions Required

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:udx:stateless_media_plugin:3.1.1:*:*:*:*:wordpress:*:*

Information

Published : 2023-02-13 13:15

Updated : 2023-02-23 07:29

NVD link : CVE-2022-4905

Mitre link : CVE-2022-4905

JSON object : View

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

Products Affected

udx

stateless_media_plugin

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/udx/wp-stateless/commit/6aee7ae0b0beeb2232ce6e1c82aa7e2041ae151a", "name": "https://github.com/udx/wp-stateless/commit/6aee7ae0b0beeb2232ce6e1c82aa7e2041ae151a", "tags": ["Patch"], "refsource": "MISC"}, {"url": "https://github.com/udx/wp-stateless/pull/630", "name": "https://github.com/udx/wp-stateless/pull/630", "tags": ["Release Notes"], "refsource": "MISC"}, {"url": "https://vuldb.com/?id.220750", "name": "https://vuldb.com/?id.220750", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "https://github.com/udx/wp-stateless/releases/tag/3.2.0", "name": "https://github.com/udx/wp-stateless/releases/tag/3.2.0", "tags": ["Release Notes"], "refsource": "MISC"}, {"url": "https://vuldb.com/?ctiid.220750", "name": "https://vuldb.com/?ctiid.220750", "tags": ["Permissions Required"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability was found in UDX Stateless Media Plugin 3.1.1. It has been declared as problematic. This vulnerability affects the function setup_wizard_interface of the file lib/classes/class-settings.php. The manipulation of the argument settings leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 3.2.0 is able to address this issue. The name of the patch is 6aee7ae0b0beeb2232ce6e1c82aa7e2041ae151a. It is recommended to upgrade the affected component. VDB-220750 is the identifier assigned to this vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-4905", "ASSIGNER": "cna@vuldb.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}}, "publishedDate": "2023-02-13T21:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:udx:stateless_media_plugin:3.1.1:*:*:*:*:wordpress:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-02-23T15:29Z"}