CVE-2022-0148
published 2022-02-07
Priority P4 30 | medium 5.4 | CVSS 3.1
AV:N / AC:L / PR:L / UI:R / S:C / C:L / I:L / A:N
EXPLOIT
EPSS: 1.57% (72.3rd percentile)
The All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs WordPress plugin before 2.0.4 was vulnerable to reflected XSS on the my-sticky-elements-leads admin page.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| premio | mystickyelements | < 2.0.4 | 2.0.4 |
CVSS provenance
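| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| cisa | | 8.1 | HIGH | |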
GHSA
GHSA-g6hq-wccr-3vq2: The All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs WordPress plugin before 2
ghsa_unreviewed·2022-02-08
CVE-2022-0148 [MEDIUM] CWE-79 GHSA-g6hq-wccr-3vq2: The All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs WordPress plugin before 2
The All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs WordPress plugin before 2.0.4 was vulnerable to reflected XSS on the my-sticky-elements-leads admin page.
CISA
Microsoft SMBv1 Server Remote Code Execution Vulnerability
cisa·2022-04-06·CVSS 8.1
CVE-2017-0148 [HIGH] CWE-20 Microsoft SMBv1 Server Remote Code Execution Vulnerability
Vulnerability: Microsoft SMBv1 Server Remote Code Execution Vulnerability
Affected: Microsoft SMBv1 server
The SMBv1 server in Microsoft allows remote attackers to execute arbitrary code via crafted packets.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2017-0148
Remediation Due Date: 2022-04-27
No detection rules found.
Nuclei
WordPress All-in-one Floating Contact Form <2.0.4 - Cross-Site Scripting
nuclei·CVSS 5.4
CVE-2022-0148 [MEDIUM] WordPress All-in-one Floating Contact Form <2.0.4 - Cross-Site Scripting
WordPress All-in-one Floating Contact Form '
```yaml
- type: word
  part: header
  words:
    - text/html
- type: status
  status:
    - 200
# digest: 4a0a00473045022100a7e2c9d99dbf999980d1acc5ad0851ee39d95653efc18684b7a5d1a42b3ab26402202c33de1e836803a7a5c9a75fad0522f184b975e5e44baa911c6d7337f6d5394f:922c64590222798bb761d5b6d8e72950
```
No writeups or analysis indexed.
2022-02-07
Published