CVE-2022-1418 Information

Description

The Social Stickers WordPress plugin through 2.2.9 does not have CSRF checks in place when updating its Social Network settings and does not escape some of these fields, which could allow attackers to make a logged-in admin change them, leading to Stored Cross-Site Scripting issues.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

https://wpscan.com/vulnerability/3851e61e-f462-4259-af0a-8d832809d559

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

Base Score

6.1

Base Severity

MEDIUM
