CVE-2022-3062
Published 2022-09-26
Priority P3 · 50 · medium · 6.1 CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 44.09% (98.6th percentile)
The Simple File List WordPress plugin before 4.4.12 does not escape parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting.
Affected: 1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| simplefilelist | simple-file-list | < 4.4.12 | 4.4.12 |
No detection rules found.
Nuclei
Simple File List < 4.4.12 - Cross Site Scripting
nuclei·CVSS 6.1
CVE-2022-3062 [MEDIUM] Simple File List < 4.4.12 - Cross Site Scripting
The plugin does not escape parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting
Template:

```yaml
id: CVE-2022-3062

info:
  name: Simple File List < 4.4.12 - Cross Site Scripting
  author: r3Y3r53
  severity: medium
  description: |
    The plugin does not escape parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
  remediation: Fixed in version 4.4.12
  reference:
    - https://wpscan.com/vulnerability/2e829bbe-1843-496d-a852-4150fa6d1f7a
    - https://
```
No writeups or analysis indexed.