CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-4541

The WordPress Visitors plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a spoofed HTTP Header value in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the nm_vistior page.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.018

EPSS Ranking 81.8%

CVSS Severity

CVSS v3 Score 7.2

References

https://plugins.trac.wordpress.org/browser/nm-visitors/trunk/nm-visitors.php#L105
https://plugins.trac.wordpress.org/browser/nm-visitors/trunk/nm-visitors.php#L63
https://www.wordfence.com/threat-intel/vulnerabilities/id/fa15c0a4-c99d-40c9-a654-f3a910460502?source=cve

Products affected by CVE-2022-4541

Nitinmaurya » Wordpress Visitors » Version: N/A

cpe:2.3:a:nitinmaurya:wordpress_visitors:-
Nitinmaurya » Wordpress Visitors » Version: 1.0

cpe:2.3:a:nitinmaurya:wordpress_visitors:1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-4541

Products

Pricing

Contact Us