
CVE-2022-27852: WordPress KB Support – WordPress Help Desk plugin <= 1.5.5 - Multiple Unauthenticated Stored Cross-Site Scripting (XSS) vulnerabilities - Patchstack

Multiple Unauthenticated Stored Cross-Site Scripting (XSS) vulnerabilities in KB Support (WordPress plugin) <= 1.5.5


kb-support

Software: KB Support
Vulnerable Versions: <= 1.5.5
Fixed in version:
CVE: CVE-2022-27852
References:
Credits:
Classification: Cross Site Scripting (XSS)
OWASP Top 10: A7: Cross-Site Scripting (XSS)
Disclosure Date: 2022-04-15
CVSS 3.0 score:

Can be exploited remotely without any authentication.

Plugin does not exist, is not supported or discontinued.


Details

Multiple Unauthenticated Stored Cross-Site Scripting (XSS) vulnerabilities were discovered by Ngo Van Thien (Patchstack Alliance) in WordPress KB Support – WordPress Help Desk plugin (versions <= 1.5.5).

Solution

No patched version is available. No reply from the vendor.
