Vulnerabilities > CVE-2022-4307 - Unspecified vulnerability in Wp-Master Pardakht-Delkhah

CVSS 6.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

wp-master

NVD

Published: 2023-01-23

Updated: 2023-11-07

Summary

The ?????? ?????? ?????? WordPress plugin before 2.9.3 does not sanitise and escape some parameters, allowing unauthenticated attackers to send a request with XSS payloads, which will be triggered when a high privilege users such as admin visits a page from the plugin.

Vulnerable Configurations

Part	Description	Count
Application	Wp-Master WP Master Pardakht Delkhah - WP Master Pardakht Delkhah 1.8 WP Master Pardakht Delkhah 1.9 WP Master Pardakht Delkhah 2.0 WP Master Pardakht Delkhah 2.1 WP Master Pardakht Delkhah 2.2 WP Master Pardakht Delkhah 2.3 WP Master Pardakht Delkhah 2.4 WP Master Pardakht Delkhah 2.5 WP Master Pardakht Delkhah 2.6 WP Master Pardakht Delkhah 2.7 WP Master Pardakht Delkhah 2.7.1 WP Master Pardakht Delkhah 2.8 WP Master Pardakht Delkhah 2.8.2 WP Master Pardakht Delkhah 2.8.3 WP Master Pardakht Delkhah 2.8.5 WP Master Pardakht Delkhah 2.8.6 WP Master Pardakht Delkhah 2.8.7 WP Master Pardakht Delkhah 2.9 WP Master Pardakht Delkhah 2.9.1 WP Master Pardakht Delkhah 2.9.2	21

References

https://wpscan.com/vulnerability/4000ba69-d73f-4c5b-a299-82898304cebb