CVE-2023-1122
Published 2023-04-10
CVE-2023-1122: The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its Giveaways options, which could allow high privilege users such as…
Priority: P4 · 18 · medium · 4.8 (CVSS 3.1)
AV:N / AC:L / PR:H / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.45% (35.6th percentile)
The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its Giveaways options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibenic | simple_giveaways | < 2.45.1 | 2.45.1 |
CVSS provenance
nvd · v3.1 · 4.8 · MEDIUM · CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
vendor_oracle · 5.5 · MEDIUM
GHSA
GHSA-6m37-jpj6-xpgq: The Simple Giveaways WordPress plugin before 2
ghsa_unreviewed·2023-04-10
CVE-2023-1122 [MEDIUM] CWE-79 GHSA-6m37-jpj6-xpgq: The Simple Giveaways WordPress plugin before 2
The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its Giveaways options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Oracle
Oracle Oracle Supply Chain Risk Matrix: Security (OpenJPEG) — CVE-2022-1122
vendor_oracle·2023-07-15·CVSS 5.5
CVE-2022-1122 [MEDIUM] Oracle Oracle Supply Chain Risk Matrix: Security (OpenJPEG) — CVE-2022-1122
Oracle Oracle Supply Chain Risk Matrix: Security (OpenJPEG) vulnerability
CVE: CVE-2022-1122
CVSS: 5.5
Protocol: None
Remote exploit: No
Affected versions: Local
Advisory: cpujul2023 (JUL 2023)
Oracle
Oracle Oracle Fusion Middleware Risk Matrix: DC-Specific Component (OpenJPEG) — CVE-2022-1122
vendor_oracle·2023-01-15·CVSS 5.5
CVE-2022-1122 [MEDIUM] Oracle Oracle Fusion Middleware Risk Matrix: DC-Specific Component (OpenJPEG) — CVE-2022-1122
Oracle Oracle Fusion Middleware Risk Matrix: DC-Specific Component (OpenJPEG) vulnerability
CVE: CVE-2022-1122
CVSS: 5.5
Protocol: None
Remote exploit: No
Affected versions: Local
Advisory: cpujan2023 (JAN 2023)
No detection rules found.
No public exploits indexed.
Published: 2023-04-10