Headline
CVE-2022-41980: WordPress Mantenimiento web plugin <= 0.13 - Auth. Cross-Site Scripting (XSS) vulnerability - Patchstack
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mantenimiento web plugin <= 0.13 on WordPress.
Verified
Fixed
4.8
CVSS 3.1 score Medium severity
Report
Monitoring Not reported to be exploited
Vulnerable versions
<= 0.13
PSID
371465969b50
Classification
Cross Site Scripting (XSS)
OWASP Top 10
A7: Cross-Site Scripting (XSS)
Required privilege
Requires high role user authentication like admin.
Publicly disclosed
2022-10-20
Details
Auth. Cross-Site Scripting (XSS) vulnerability discovered by Mika (Patchstack Alliance) in the WordPress Mantenimiento web plugin (versions <= 0.13).
Solution
Update the WordPress Mantenimiento web plugin to the latest available version (at least 0.14).
References