Vulnerability Details CVE-2022-3904
The MonsterInsights WordPress plugin before 8.9.1 does not sanitize or escape page titles in the top posts/pages section, allowing an unauthenticated attacker to inject arbitrary web scripts into the titles by spoofing requests to Google Analytics.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.265
EPSS Ranking 96.2%
CVSS Severity
CVSS v3 Score 6.1
Products affected by CVE-2022-3904
- cpe:2.3:a:monsterinsights:monsterinsights:-
- cpe:2.3:a:monsterinsights:monsterinsights:7.15.0
- cpe:2.3:a:monsterinsights:monsterinsights:7.15.1
- cpe:2.3:a:monsterinsights:monsterinsights:7.16.0
- cpe:2.3:a:monsterinsights:monsterinsights:7.16.1
- cpe:2.3:a:monsterinsights:monsterinsights:7.16.2
- cpe:2.3:a:monsterinsights:monsterinsights:7.17.0
- cpe:2.3:a:monsterinsights:monsterinsights:7.18.0
- cpe:2.3:a:monsterinsights:monsterinsights:8.0.0
- cpe:2.3:a:monsterinsights:monsterinsights:8.0.1
- cpe:2.3:a:monsterinsights:monsterinsights:8.1.0
- cpe:2.3:a:monsterinsights:monsterinsights:8.2.0
- cpe:2.3:a:monsterinsights:monsterinsights:8.3.0
- cpe:2.3:a:monsterinsights:monsterinsights:8.3.1
- cpe:2.3:a:monsterinsights:monsterinsights:8.3.2
- cpe:2.3:a:monsterinsights:monsterinsights:8.3.3
- cpe:2.3:a:monsterinsights:monsterinsights:8.3.4
- cpe:2.3:a:monsterinsights:monsterinsights:8.4.0
- cpe:2.3:a:monsterinsights:monsterinsights:8.5.0
- cpe:2.3:a:monsterinsights:monsterinsights:8.5.1
- cpe:2.3:a:monsterinsights:monsterinsights:8.5.2
- cpe:2.3:a:monsterinsights:monsterinsights:8.5.3
- cpe:2.3:a:monsterinsights:monsterinsights:8.6.0
- cpe:2.3:a:monsterinsights:monsterinsights:8.7.0
- cpe:2.3:a:monsterinsights:monsterinsights:8.8.0
- cpe:2.3:a:monsterinsights:monsterinsights:8.8.1
- cpe:2.3:a:monsterinsights:monsterinsights:8.8.2
- cpe:2.3:a:monsterinsights:monsterinsights:8.9.0