CVE-2022-1418

The Social Stickers WordPress plugin through 2.2.9 does not have CSRF checks in place when updating its Social Network settings, and does not escape some of these fields, which could allow attackers to make a logged-in admin change them and lead to Stored Cross-Site Scripting issues.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:pluginmirror:social_stickers:*:*:*:*:*:wordpress:*:*

History

24 May 2022, 16:01

Type Values Removed Values Added
CPE cpe:2.3:a:pluginmirror:social_stickers:*:*:*:*:*:wordpress:*:*
References (MISC) https://wpscan.com/vulnerability/3851e61e-f462-4259-af0a-8d832809d559 - (MISC) https://wpscan.com/vulnerability/3851e61e-f462-4259-af0a-8d832809d559 - Exploit, Third Party Advisory
First Time Pluginmirror social Stickers
Pluginmirror
CVSS v2 : unknown
v3 : unknown
v2 : 4.3
v3 : 6.1

16 May 2022, 15:16

Type Values Removed Values Added
New CVE

Information

Published : 2022-05-16 15:15

Updated : 2022-05-24 16:01


NVD link : CVE-2022-1418

Mitre link : CVE-2022-1418


JSON object : View

Products Affected

pluginmirror

  • social_stickers
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-352

Cross-Site Request Forgery (CSRF)