CVE-2022-0448
Published: 07 March 2022
Summary
CVE-2022-0448 is a medium-severity Cross-site Scripting (CWE-79) vulnerability in Dwbooster Cp Blocks. Its CVSS base score is 4.8 (Medium).
Operationally, ranked in the top 8.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
The vulnerability is a stored cross-site scripting flaw (CWE-79) in the CP Blocks WordPress plugin prior to version 1.0.15. The plugin fails to sanitize or escape the value of its “License ID” setting, allowing the injection of arbitrary script even when the unfiltered_html capability is disabled. The issue carries a CVSS 3.1 score of 4.8 and affects any site that has the plugin installed and configured.
High-privilege users such as administrators can supply a malicious License ID value through the plugin’s settings page. When the setting is later rendered in the administrative interface, the injected script executes in the browser of any user who views the page, enabling theft of cookies, session tokens, or other actions within the WordPress admin context.
The referenced WPScan advisory recommends updating the CP Blocks plugin to version 1.0.15 or later, which contains the necessary escaping fixes. No other official vendor advisory or patch details are provided in the supplied references.
EPSS remains flat at 0.0626 with no material increase after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-15587
Vulnerability details
The CP Blocks WordPress plugin before 1.0.15 does not sanitise and escape its "License ID" settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Penetration testing submits XSS payloads to web applications, detecting cross-site scripting flaws for subsequent remediation.
Validates web inputs to reject script-related content that could produce XSS.
Output validation against expected content can reject or sanitize script content in generated web pages, reducing XSS exploitability.