CVE-2022-4295
Published 2023-01-16
Priority: P4 31 · medium · 6.1 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.90% (55.1st percentile)
The Show All Comments WordPress plugin before 7.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against logged-in high-privilege users such as admin.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| appjetty | show_all_comments | < 7.0.1 | 7.0.1 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| vendor_redhat | | 5.5 | MEDIUM | |
No detection rules found.
Nuclei
CVE-2022-4295 [MEDIUM] Show all comments < 7.0.1 - Cross-Site Scripting (nuclei · CVSS 6.1)
Show all comments alert(document.domain)"
```yaml
matchers:
  - type: dsl
    dsl:
      - 'status_code == 200'
      - 'contains(content_type, "text/html")'
      - 'contains(body, "alert(document.domain)")'
      - 'contains(body, "Select ")'
    condition: and
# digest: 4a0a004730450220740e6c11d60f78a5f6f995ecfb9124e5c7ba55f5ca653fcb65e98e71845ffc86022100eeae20a9241b8f1ee25c09de33230e06f031d3909410124ee45d7b07b0b60c8c:922c64590222798bb761d5b6d8e72950
```
Bugzilla
CVE-2022-50253 [MEDIUM] kernel: Linux kernel: Denial of Service in network packet redirection (bugzilla · 2025-09-15 · CVSS 5.5)
In the Linux kernel, the following vulnerability has been resolved:
bpf: make sure skb->len != 0 when redirecting to a tunneling device
syzkaller managed to trigger another case where skb->len == 0
when we enter __dev_queue_xmit:
```text
WARNING: CPU: 0 PID: 2470 at include/linux/skbuff.h:2576 skb_assert_len include/linux/skbuff.h:2576 [inline]
WARNING: CPU: 0 PID: 2470 at include/linux/skbuff.h:2576 __dev_queue_xmit+0x2069/0x35e0 net/core/dev.c:4295
Call Trace:
 dev_queue_xmit+0x17/0x20 net/core/dev.c:4406
 __bpf_tx_skb net/core/filter.c:2115 [inline]
 __bpf_redirect_no_mac net/core/filter.c:2140 [inline]
 __bpf_redirect+0x5fb/0xda0 net/core/filter.c:2163
 ____bpf_clone_redirect net/core/filter.c:2447 [inline]
 bp
```