First published: Mon Dec 12 2022
The Jetpack CRM WordPress plugin before 5.4.3 does not sanitise and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Jetpack CRM WordPress plugin | <5.4.3 | |
The vulnerability ID for this vulnerability is CVE-2022-3919.
The title of this vulnerability is 'The Jetpack CRM WordPress plugin before 5.4.3 does not sanitise and escape its settings allowing high privilege users to perform cross-Site Scripting attacks.'
The severity of CVE-2022-3919 is medium, with a severity value of 4.8.
The affected software for CVE-2022-3919 is the Jetpack CRM WordPress plugin before version 5.4.3.
The vulnerability can be exploited by high-privilege users, such as admins, to perform Cross-Site Scripting (XSS) attacks.