What is CVE-2022-2654?

CVE-2022-2654 is a vulnerability in the Classima WordPress theme and some of its required plugins that allows for parameter injection.

How does CVE-2022-2654 impact websites using the Classima WordPress theme?

CVE-2022-2654 can allow an attacker to inject and execute malicious code on websites using the Classima WordPress theme.

What is the severity of CVE-2022-2654?

CVE-2022-2654 has a severity rating of 6.1, which is considered medium.

Which versions of the Classima WordPress theme and its required plugins are affected by CVE-2022-2654?

The Classima WordPress theme versions before 2.1.11, Classified Listing versions before 2.2.14, Classified Listing Pro versions before 2.0.20, Classified Listing Store & Membership versions before 1.4.20, and Classima Core versions before 1.10 are affected by CVE-2022-2654.

How can I fix CVE-2022-2654?

To fix CVE-2022-2654, it is recommended to update your Classima WordPress theme and its required plugins to the latest versions.

Vulnerability/
CVE-2022-2654

medium

6.1

CWE

16/9/2022

27/9/2024

CVE-2022-2654: Classima < 2.1.11 - Reflected Cross-Site Scripting

First published: Fri Sep 16 2022(Updated: )

The Classima WordPress theme before 2.1.11 and some of its required plugins (Classified Listing before 2.2.14, Classified Listing Pro before 2.0.20, Classified Listing Store & Membership before 1.4.20 and Classima Core before 1.10) do not escape a parameter before outputting it back in attributes, leading to Reflected Cross-Site Scripting

Credit: contact@wpscan.com contact@wpscan.com

Affected Software	Affected Version	How to fix
RadiusTheme Classified Listing	<2.0.20
RadiusTheme Classified Listing	<2.2.14
RadiusTheme Classified Listing	<1.4.20
Radiustheme Classima	<2.1.11
Radiustheme Classima Core	<1.10
RadiusTheme Classified Listing	<2.2.14
RadiusTheme Classified Listing	<2.0.20

Never miss a vulnerability like this again

Reference Links

https://wpscan.com/vulnerability/845f44ca-f572-48d7-a19a-89cace0b8993

Frequently Asked Questions

What is CVE-2022-2654?
CVE-2022-2654 is a vulnerability in the Classima WordPress theme and some of its required plugins that allows for parameter injection.
How does CVE-2022-2654 impact websites using the Classima WordPress theme?
CVE-2022-2654 can allow an attacker to inject and execute malicious code on websites using the Classima WordPress theme.
What is the severity of CVE-2022-2654?
CVE-2022-2654 has a severity rating of 6.1, which is considered medium.
Which versions of the Classima WordPress theme and its required plugins are affected by CVE-2022-2654?
The Classima WordPress theme versions before 2.1.11, Classified Listing versions before 2.2.14, Classified Listing Pro versions before 2.0.20, Classified Listing Store & Membership versions before 1.4.20, and Classima Core versions before 1.10 are affected by CVE-2022-2654.
How can I fix CVE-2022-2654?
To fix CVE-2022-2654, it is recommended to update your Classima WordPress theme and its required plugins to the latest versions.

agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/weakness
agent/references
agent/title
agent/first-publish-date
agent/description
agent/event
agent/author
agent/last-modified-date
agent/softwarecombine
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-index
vendor/radiustheme
canonical/radiustheme classified listing
canonical/radiustheme classima
canonical/radiustheme classima core

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.