CVE-2022-3556

CVSS 3.1 Score 4.4 of 10 (medium)

Details

Published Sep 5, 2024
CWE ID 79

Summary

CVE-2022-3556 is a Stored Cross-Site Scripting (XSS) vulnerability in the Cab Fare Calculator plugin for WordPress, in versions up to 1.1.6, caused by inadequate input sanitization and output escaping. The issue primarily affects multi-site installations where the unfiltered_html capability is disabled, allowing authenticated attackers with administrative privileges to inject arbitrary scripts that execute upon user access. An attacker could use this to manipulate web pages and compromise user data. The vulnerability has a medium severity rating and an exploitability score of 1.3. Remediation is to update the plugin to a patched version that addresses these flaws. Organizations using this plugin should prioritize applying updates to mitigate the risk of exploitation and protect their users' information.
