First published: Fri May 06 2022
Multiple authenticated (admin+) persistent Cross-Site Scripting (XSS) vulnerabilities in Adam Skaat's Countdown & Clock plugin <= 2.3.2 for WordPress, via the vulnerable parameters &ycd-countdown-width, &ycd-progress-height, &ycd-progress-width, &ycd-button-margin-top, &ycd-button-margin-right, &ycd-button-margin-bottom, &ycd-button-margin-left, &ycd-circle-countdown-before-countdown and &ycd-circle-countdown-after-countdown.
Credit: audit@patchstack.com
Affected Software | Affected Version | How to fix
---|---|---
Edmonsoft Countdown Builder | <=2.3.2 |
The severity of CVE-2022-29422 is medium with a severity value of 4.8.
CVE-2022-29422 is a vulnerability that allows authenticated attackers with admin+ privileges to execute persistent cross-site scripting (XSS) attacks in the Countdown & Clock plugin <= 2.3.2 for WordPress.
To fix CVE-2022-29422, you should update the Countdown & Clock plugin to version 2.3.3 or higher, which addresses the multiple authenticated persistent XSS vulnerabilities.
Cross-Site Scripting (XSS) is a type of security vulnerability that allows attackers to inject malicious scripts into websites viewed by other users.
The CWE (Common Weakness Enumeration) of CVE-2022-29422 is CWE-79, which is the classification for Cross-Site Scripting (XSS) vulnerabilities.