CVE-2022-1093

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
4.8MEDIUM
EPSS
0.2%
top 57.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unknown WP Meta SEOJoomunited WP Meta SEO
Timeline
PublishedMay 23
Latest updateMay 24

Description

The WP Meta SEO WordPress plugin before 4.4.7 does not sanitise or escape the breadcrumb separator before outputting it to the page, allowing a high privilege user such as an administrator to inject arbitrary javascript into the page even when unfiltered html is disallowed.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

CVEListV5unknown/wp_meta_seo4.4.74.4.7

🔴Vulnerability Details

2
GHSA
GHSA-59wp-qpx3-fcf5: The WP Meta SEO WordPress plugin before 42022-05-24
CVEList
WP Meta SEO < 4.4.7 - Admin+ Stored Cross-Site Scripting via breadcrumbs2022-05-23
CVE-2022-1093 (MEDIUM CVSS 4.8) | The WP Meta SEO WordPress plugin be | cvebase.io