CVE-2022-0969

{"id": "CVE-2022-0969", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.7}]}, "published": "2022-04-11T15:15:08.833", "references": [{"url": "https://plugins.trac.wordpress.org/changeset/2695242", "tags": ["Patch", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/59a7a441-7384-4006-89b4-15345f70fabf", "tags": ["Exploit", "Patch", "Third Party Advisory"], "source": "contact@wpscan.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "contact@wpscan.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "The Image optimization & Lazy Load by Optimole WordPress plugin before 3.3.2 does not sanitise and escape its \"Lazyload background images for selectors\" settings, which could allow high privilege users such as admin to perform Cross-Site scripting attacks even when the unfiltered_html capability is disallowed."}, {"lang": "es", "value": "El plugin Image optimization & Lazy Load by Optimole de WordPress versiones anteriores a 3.3.2, no sanea ni escapa de su configuraci\u00f3n \"Lazyload background images for selectors\", lo que podr\u00eda permitir a usuarios con altos privilegios, como los administradores, llevar a cabo ataques de tipo Cross-Site scripting incluso cuando la capacidad unfiltered_html est\u00e1 deshabilitada"}], "lastModified": "2022-04-15T03:39:26.567", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vertistudio:image_optimization_\\&_lazy_load_by_optimole:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "50D75D19-4763-4A18-AEDC-0121F6B5702B", "versionEndExcluding": "3.3.2"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}