CVE-2022-2151

State: PUBLISHED · Published: 2022-07-17 · Updated: 2024-08-03 · Assigner: WPScan

Description

The Best Contact Management Software WordPress plugin through 3.7.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

CWE

CWE-79 — CWE-79 Cross-site Scripting (XSS)

Affected

Unknown / Best Contact Management Software for WordPress — v=3.7.3 ≤3.7.3 [affected]

CVSS

(none)

References

https://wpscan.com/vulnerability/7c08e4c1-57c5-471c-a990-dcb9fd7ce0f4 x_refsource_MISC

Source

cvelistV5-main/cves/2022/2xxx/CVE-2022-2151.json