The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbitrary javascript in product reviews, which may allow them to run stored XSS attacks against other users like site administrators.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/85e32913-dc2a-44c9-addd-7abde618e995/ | Exploit Third Party Advisory |
https://wpscan.com/vulnerability/85e32913-dc2a-44c9-addd-7abde618e995/ | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 07:19
Type | Values Removed | Values Added |
---|---|---|
References | () https://wpscan.com/vulnerability/85e32913-dc2a-44c9-addd-7abde618e995/ - Exploit, Third Party Advisory |
24 Jan 2024, 15:55
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
CWE | CWE-79 | |
CPE | cpe:2.3:a:wedevs:dokan:*:*:*:*:*:wordpress:*:* | |
References | () https://wpscan.com/vulnerability/85e32913-dc2a-44c9-addd-7abde618e995/ - Exploit, Third Party Advisory |
16 Jan 2024, 23:12
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-16 16:15
Updated : 2024-11-21 07:19
NVD link : CVE-2022-3194
Mitre link : CVE-2022-3194
CVE.ORG link : CVE-2022-3194
JSON object : View
Products Affected
wedevs
- dokan
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')