CVE-2022-38703

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
4.8MEDIUM
EPSS
0.3%
top 44.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
MAX Foundry Wordpress Button Plugin Maxbuttons (wordpress Plugin)Maxfoundry Maxbuttons
Timeline
PublishedSep 23
Latest updateSep 25

Description

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Max Foundry Button Plugin MaxButtons plugin <= 9.2 at WordPress

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:NExploitability: 1.7 | Impact: 1.4

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-rrrr-cw7x-rf7j: Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Max Foundry Button Plugin MaxButtons plugin <= 92022-09-25
CVEList
WordPress Button Plugin MaxButtons plugin <= 9.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability2022-09-23
CVE-2022-38703 (MEDIUM CVSS 4.8) | Authenticated (admin+) Stored Cross | cvebase.io