CVE-2022-2171

{"id": "CVE-2022-2171", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2022-08-01T13:15:10.513", "references": [{"url": "https://wpscan.com/vulnerability/11937296-7ecf-4b94-b274-06f7990dbede", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "contact@wpscan.com", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "The Progressive License WordPress plugin through 1.1.0 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the settings, this could lead to Stored XSS issue which will be triggered in the frontend as well."}, {"lang": "es", "value": "El plugin Progressive License de WordPress versiones hasta 1.1.0 carece de cualquier comprobaci\u00f3n de tipo CSRF cuando guarda sus ajustes, lo que podr\u00eda permitir a atacantes hacer que un administrador conectado los cambie. Adem\u00e1s, como el plugin permite insertar HTML arbitrario en una de las configuraciones, esto podr\u00eda conllevar a un problema de tipo XSS almacenado que ser\u00eda desencadenado tambi\u00e9n en el frontend"}], "lastModified": "2022-08-05T18:56:45.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:crowdfavorite:progressive_license:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "A7286275-18BF-40B4-959F-2243ADFCB56B", "versionEndIncluding": "1.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}