CVE-2022-1772 — MEDIUM (4.8)

Q: How severe is CVE-2022-1772?

CVE-2022-1772 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-1772?

Check the references section above for vendor advisories and patch information. Affected products include: Google Places Reviews Project Google Places Reviews.

Vulnerability Description

The Google Places Reviews WordPress plugin before 2.0.0 does not properly escape its Google API key setting, which is reflected on the site's administration panel. A malicious administrator could abuse this bug, in a multisite WordPress configuration, to trick super-administrators into viewing the booby-trapped payload and taking over their account.

CVSS Score

4.8

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Google Places Reviews Project	Google Places Reviews	< 2.0.0

Related Weaknesses (CWE)

CWE-79

References

https://wpscan.com/vulnerability/02addade-d191-4e45-b7b5-2f3f673679abExploitThird Party Advisory
https://wpscan.com/vulnerability/02addade-d191-4e45-b7b5-2f3f673679abExploitThird Party Advisory

FAQ

What is CVE-2022-1772?

CVE-2022-1772 is a vulnerability with a CVSS score of 4.8 (MEDIUM). The Google Places Reviews WordPress plugin before 2.0.0 does not properly escape its Google API key setting, which is reflected on the site's administration panel. A malicious administrator could abus...

How severe is CVE-2022-1772?

CVE-2022-1772 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-1772?

Check the references section above for vendor advisories and patch information. Affected products include: Google Places Reviews Project Google Places Reviews.