Vulnerability Details CVE-2022-3904
The MonsterInsights WordPress plugin before 8.9.1 does not sanitize or escape page titles in the top posts/pages section, allowing an unauthenticated attacker to inject arbitrary web scripts into the titles by spoofing requests to Google Analytics.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.245
EPSS Ranking 95.9%
CVSS Severity
CVSS v3 Score 6.1
Products affected by CVE-2022-3904
- cpe:2.3:a:monsterinsights:monsterinsights:-
- cpe:2.3:a:monsterinsights:monsterinsights:7.15.0
- cpe:2.3:a:monsterinsights:monsterinsights:7.15.1
- cpe:2.3:a:monsterinsights:monsterinsights:7.16.0
- cpe:2.3:a:monsterinsights:monsterinsights:7.16.1
- cpe:2.3:a:monsterinsights:monsterinsights:7.16.2
- cpe:2.3:a:monsterinsights:monsterinsights:7.17.0
- cpe:2.3:a:monsterinsights:monsterinsights:7.18.0
- cpe:2.3:a:monsterinsights:monsterinsights:8.0.0
- cpe:2.3:a:monsterinsights:monsterinsights:8.0.1
- cpe:2.3:a:monsterinsights:monsterinsights:8.1.0
- cpe:2.3:a:monsterinsights:monsterinsights:8.2.0
- cpe:2.3:a:monsterinsights:monsterinsights:8.3.0
- cpe:2.3:a:monsterinsights:monsterinsights:8.3.1
- cpe:2.3:a:monsterinsights:monsterinsights:8.3.2
- cpe:2.3:a:monsterinsights:monsterinsights:8.3.3
- cpe:2.3:a:monsterinsights:monsterinsights:8.3.4
- cpe:2.3:a:monsterinsights:monsterinsights:8.4.0
- cpe:2.3:a:monsterinsights:monsterinsights:8.5.0
- cpe:2.3:a:monsterinsights:monsterinsights:8.5.1
- cpe:2.3:a:monsterinsights:monsterinsights:8.5.2
- cpe:2.3:a:monsterinsights:monsterinsights:8.5.3
- cpe:2.3:a:monsterinsights:monsterinsights:8.6.0
- cpe:2.3:a:monsterinsights:monsterinsights:8.7.0
- cpe:2.3:a:monsterinsights:monsterinsights:8.8.0
- cpe:2.3:a:monsterinsights:monsterinsights:8.8.1
- cpe:2.3:a:monsterinsights:monsterinsights:8.8.2
- cpe:2.3:a:monsterinsights:monsterinsights:8.9.0