CVE-2022-2798 — HIGH (8.0) — White Hats Nepal

Q: How severe is CVE-2022-2798?

CVE-2022-2798 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-2798?

Check the references section above for vendor advisories and patch information. Affected products include: Wpaffiliatemanager Affiliates Manager.

Vulnerability Description

The Affiliates Manager WordPress plugin before 2.9.14 does not validate and sanitise the affiliate data, which could allow users registering as affiliate to perform CSV injection attacks against an admin exporting the data

CVSS Score

8.0

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Wpaffiliatemanager	Affiliates Manager	< 2.9.14

Related Weaknesses (CWE)

CWE-1236

References

https://wpscan.com/vulnerability/f169567d-c682-4abe-94df-a9d00be90eddExploitThird Party Advisory
https://wpscan.com/vulnerability/f169567d-c682-4abe-94df-a9d00be90eddExploitThird Party Advisory

FAQ

What is CVE-2022-2798?

CVE-2022-2798 is a vulnerability with a CVSS score of 8.0 (HIGH). The Affiliates Manager WordPress plugin before 2.9.14 does not validate and sanitise the affiliate data, which could allow users registering as affiliate to perform CSV injection attacks against an ad...

How severe is CVE-2022-2798?

CVE-2022-2798 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-2798?

Check the references section above for vendor advisories and patch information. Affected products include: Wpaffiliatemanager Affiliates Manager.