PT-2022-13652 · WordPress · The Good & Bad Comments
Author: Vaibhav Nitin Gaikwad
Published: 2022-04-18 · Updated: 2022-04-27
CVE-2022-1090
CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
The Good & Bad Comments WordPress plugin version 1.0.0
Description
The plugin fails to sanitise and escape its settings, which allows high-privilege users, such as administrators, to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Recommendations
For The Good & Bad Comments WordPress plugin version 1.0.0, consider disabling the plugin until a patched release is available to prevent potential Stored Cross-Site Scripting attacks. Restrict access to the plugin's settings to minimize the risk of exploitation.
Affected Products
The Good & Bad Comments