cbcvebase.
CVE-2022-2090
published 2022-07-17

CVE-2022-2090: The Discount Rules for WooCommerce WordPress plugin before 2.4.2 does not escape a parameter before outputting it back in an attribute of the plugin's discount…

PriorityP422medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EPSS
0.66%
47.0th percentile
The Discount Rules for WooCommerce WordPress plugin before 2.4.2 does not escape a parameter before outputting it back in an attribute of the plugin's discount rule page, leading to Reflected Cross-Site Scripting

Affected

9 ranges
VendorProductVersion rangeFixed in
flycartdiscount_rules_for_woocommerce< 2.4.22.4.2
linuxlinux_kernel>= 2.6.32 < 4.9.3374.9.337
linuxlinux_kernel>= 4.10.0 < 4.14.3034.14.303
linuxlinux_kernel>= 4.15.0 < 4.19.2704.19.270
linuxlinux_kernel>= 4.20.0 < 5.4.2295.4.229
linuxlinux_kernel>= 5.11.0 < 5.15.865.15.86
linuxlinux_kernel>= 5.16.0 < 6.0.166.0.16
linuxlinux_kernel>= 5.5.0 < 5.10.1635.10.163
linuxlinux_kernel>= 6.1.0 < 6.1.26.1.2

CVSS provenance

nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_redhat5.5LOW
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.