Vulnerability Description
The Turn off all comments WordPress plugin through 1.0 does not sanitise and escape the rows parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting
CVSS Score
6.1
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Turn Off All Comments Project | Turn Off All Comments | <= 1.0 |
Related Weaknesses (CWE)
References
- https://wpscan.com/vulnerability/18660c71-5a89-4ef6-b0dd-7a166e3449d6ExploitThird Party Advisory
- https://wpscan.com/vulnerability/18660c71-5a89-4ef6-b0dd-7a166e3449d6ExploitThird Party Advisory
FAQ
What is CVE-2022-1192?
CVE-2022-1192 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The Turn off all comments WordPress plugin through 1.0 does not sanitise and escape the rows parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting
How severe is CVE-2022-1192?
CVE-2022-1192 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-1192?
Check the references section above for vendor advisories and patch information. Affected products include: Turn Off All Comments Project Turn Off All Comments.