Published: 30/05/2022 Updated: 16/11/2022

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 4.8 | Impact Score: 2.7 | Exploitability Score: 1.7

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

The Quotes llama WordPress plugin prior to 1.0.0 does not sanitise and escape Quotes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. The attack could also be performed by tricking an admin to import a malicious CSV file

Vulnerable Product	Search on Vulmon	Subscribe to Product
quotes llama project quotes llama

CVE-2022-1566 The Quotes llama WordPress plugin before 100 does not sanitise and escape Quotes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed The attack could also be performed by tricking an admin to import a malicious CSV file authentication complexity vector SINGLE MEDIUM NETWORK

CWE-79 https://wpscan.com/vulnerability/0af030d8-b676-4826-91c0-98706b816f3c https://github.com/Live-Hack-CVE/CVE-2022-1566 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-1566

Vulnerability Summary

Most Upvoted Vulmon Research Post

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect