CVE-2022-2215: XSS
First published: Mon Aug 01 2022(Updated: )
The GiveWP WordPress plugin before 2.21.3 does not properly sanitise and escape the currency settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Givewp Givewp | <2.21.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-2215?
CVE-2022-2215 is a vulnerability in the GiveWP WordPress plugin before version 2.21.3 that allows high privilege users to perform Stored Cross-Site Scripting (XSS) attacks.
How does CVE-2022-2215 impact the GiveWP WordPress plugin?
CVE-2022-2215 allows high privilege users, such as admins, to exploit a vulnerability in the currency settings of GiveWP before version 2.21.3 and perform Stored Cross-Site Scripting (XSS) attacks, if the unfiltered_html capability is disallowed.
What is the severity of CVE-2022-2215?
CVE-2022-2215 has a severity rating of medium with a CVSS score of 4.8.
How can I fix CVE-2022-2215 in GiveWP plugin?
To fix CVE-2022-2215 in the GiveWP WordPress plugin, you should update to version 2.21.3 or later.
Where can I find more information about CVE-2022-2215?
You can find more information about CVE-2022-2215 at the following reference link: [https://wpscan.com/vulnerability/daa9b6c1-1ee1-434c-9f88-fd273b7e20bb]
- collector/nvd-index
- vendor/givewp
- canonical/givewp givewp