CVE-2020-7228

{"id": "CVE-2020-7228", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2020-01-22T15:15:11.677", "references": [{"url": "https://spider-security.co.uk/blog-cve-2020-7228", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://wordpress.org/plugins/calculated-fields-form/#developers", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://wpvulndb.com/vulnerabilities/10043", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "The Calculated Fields Form plugin through 1.0.353 for WordPress suffers from multiple Stored XSS vulnerabilities present in the input forms. These can be exploited by an authenticated user."}, {"lang": "es", "value": "El plugin Calculated Fields Form versiones hasta 1.0.353 para WordPress, sufre de m\u00faltiples vulnerabilidades de tipo XSS Almacenado, presentes en los formularios de entrada. Estos pueden ser explotados por parte de un usuario autenticado."}], "lastModified": "2020-01-24T22:02:00.107", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:codepeople:calculated_fields_form:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "D7F50453-081B-4E42-9574-2863C602B2C0", "versionEndIncluding": "1.0.353"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}