CVE-2022-2391 — MEDIUM (5.4)

Q: What is CVE-2022-2391?

CVE-2022-2391 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The Inspiro PRO WordPress plugin does not sanitize the portfolio slider description, allowing users with privileges as low as Contributor to inject JavaScript into the description.

Q: How severe is CVE-2022-2391?

CVE-2022-2391 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-2391?

Check the references section above for vendor advisories and patch information. Affected products include: Wpzoom Inspiro Pro.

Vulnerability Description

The Inspiro PRO WordPress plugin does not sanitize the portfolio slider description, allowing users with privileges as low as Contributor to inject JavaScript into the description.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Wpzoom	Inspiro Pro	< 7.2.3

Related Weaknesses (CWE)

CWE-79

References

https://wpscan.com/vulnerability/dd6ebf6b-209b-437c-9fe4-527ab9e3b9e3ExploitThird Party Advisory
https://wpscan.com/vulnerability/dd6ebf6b-209b-437c-9fe4-527ab9e3b9e3ExploitThird Party Advisory

FAQ

What is CVE-2022-2391?

CVE-2022-2391 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The Inspiro PRO WordPress plugin does not sanitize the portfolio slider description, allowing users with privileges as low as Contributor to inject JavaScript into the description.

How severe is CVE-2022-2391?

CVE-2022-2391 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-2391?

Check the references section above for vendor advisories and patch information. Affected products include: Wpzoom Inspiro Pro.