CVE-2022-2311
Published: 28 November 2022
Summary
CVE-2022-2311 is a medium-severity vulnerability, with no weakness class specified, in Find And Replace All by Find And Replace All Project. Its CVSS base score is 6.1 (Medium).
Operationally, it ranks at the 43.5th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-34581
Vulnerability details
The Find and Replace All WordPress plugin before 1.3 does not sanitize and escape some parameters from its setting page before outputting them back to the user, leading to a Reflected Cross-Site Scripting issue.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.