Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-29415: WordPress Ravpage plugin <= 2.16 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability - Patchstack

Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in Mati Skiba @ Rav Messer’s Ravpage plugin <= 2.16 at WordPress.

CVE
Open in Source
#xss#vulnerability#web#wordpress#auth

ravpage

Software

Ravpage

Vulnerable Versions

<= 2.16

Fixed in version

CVE

CVE-2022-29415

References

Credits

Classification

Cross Site Scripting (XSS)

OWASP Top 10

A7: Cross-Site Scripting (XSS)

Disclosure Date

2022-04-28

CVSS 3.0 score

Can be exploited remotely without any authentication.

Plugin does not exist, is not supported or discontinued.

Are your websites subject to this vulnerability?

Details

Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability was discovered by Tien Nguyen Anh (Patchstak Alliance) in the WordPress Ravpage plugin (versions <= 2.16).

Solution

Deactivate and delete. This plugin has been closed as of April 21, 2022 and is not available for download. This closure is temporary, pending a full review.

Found a vulnerability that puts your sites at risk?

Found a vulnerability? Help us secure the web and join our community of ethical hackers.

Are you the developer of this software? Hire our researchers for a thorough security audit.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE