CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-4295

The Show All Comments WordPress plugin before 7.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a logged in high privilege users such as admin.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.131

EPSS Ranking 93.8%

CVSS Severity

CVSS v3 Score 6.1

References

https://wpscan.com/vulnerability/4ced1a4d-0c1f-42ad-8473-241c68b92b56
https://wpscan.com/vulnerability/4ced1a4d-0c1f-42ad-8473-241c68b92b56

Products affected by CVE-2022-4295

Appjetty » Show All Comments » Version: Any

cpe:2.3:a:appjetty:show_all_comments:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-4295

Products

Pricing

Contact Us