CVE-2022-29422: XSS
First published: Fri May 06 2022(Updated: )
Multiple Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerabilities in Adam Skaat's Countdown & Clock plugin <= 2.3.2 at WordPress via &ycd-countdown-width, &ycd-progress-height, &ycd-progress-width, &ycd-button-margin-top, &ycd-button-margin-right, &ycd-button-margin-bottom, &ycd-button-margin-left, &ycd-circle-countdown-before-countdown, &ycd-circle-countdown-after-countdown vulnerable parameters.
Credit: audit@patchstack.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Edmonsoft Countdown Builder | <=2.3.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-29422?
The severity of CVE-2022-29422 is medium with a severity value of 4.8.
What is CVE-2022-29422?
CVE-2022-29422 is a vulnerability that allows authenticated attackers with admin+ privileges to execute persistent cross-site scripting (XSS) attacks in the Countdown & Clock plugin <= 2.3.2 for WordPress.
How can I fix CVE-2022-29422?
To fix CVE-2022-29422, you should update the Countdown & Clock plugin to version 2.3.3 or higher, which addresses the multiple authenticated persistent XSS vulnerabilities.
What is Cross-Site Scripting (XSS)?
Cross-Site Scripting (XSS) is a type of security vulnerability that allows attackers to inject malicious scripts into websites viewed by other users.
What is the CWE of CVE-2022-29422?
The CWE (Common Weakness Enumeration) of CVE-2022-29422 is CWE-79, which is the classification for Cross-Site Scripting (XSS) vulnerabilities.
- collector/nvd-index
- vendor/edmonsoft
- canonical/edmonsoft countdown builder
- version/edmonsoft countdown builder/2.3.2