Best Payments Plugin for WP < 4.2.1 - Unauthenticated Stored Cross-Site Scripting
CVE-2022-2565

7.2HIGH

Key Information:

Vendor: Wordpress
Status: Simple Payment Donations & Subscriptions Plugin By Paymattic – Best Payments Plugin For WP
Vendor: CVE Published:; 5 September 2022

What is CVE-2022-2565?

The Simple Payment Donations & Subscriptions WordPress plugin before 4.2.1 does not sanitise and escape user input given in its forms, which could allow unauthenticated attackers to perform Cross-Site Scripting attacks against admins

Affected Version(s)

Simple Payment Donations & Subscriptions Plugin by Paymattic – Best Payments Plugin for WP 4.2.1

References

https://wpscan.com/vulnerability/d89eff7d-a3e6-4876-aa0e-...

x_refsource_MISC

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 5, 2022
Vulnerability Reserved
Jul 28, 2022

Credit

Rafshanzani Suhada