CVE-2022-2516 - OpenCVE

The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post/page 'Title' value in versions up to, and including, 45.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the visual composer editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Visualcomposer	Visual Composer Website Builder

Configuration 1 [-]

cpe:2.3:a:visualcomposer:visual_composer_website_builder:*:*:*:*:*:wordpress:*:*

References

Link	Resource
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2778808%40visualcomposer&new=2778808%40visualcomposer&sfp_email=&sfph_mail=	Patch Third Party Advisory
https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2516	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Wordfence

Published: 2022-09-06T17:18:58

Updated: 2022-09-06T17:18:58

Reserved: 2022-07-22T00:00:00

Link: CVE-2022-2516

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-09-06T18:15:14.133

Modified: 2022-09-13T13:29:59.957

Link: CVE-2022-2516

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages", "vendor": "visualcomposer", "versions": [{"lessThanOrEqual": "45.0", "status": "affected", "version": "45.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Zhouyuan Yang"}], "descriptions": [{"lang": "en", "value": "The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post/page 'Title' value in versions up to, and including, 45.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the visual composer editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-06T17:18:58", "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2778808%40visualcomposer&new=2778808%40visualcomposer&sfp_email=&sfph_mail="}, {"tags": ["x_refsource_MISC"], "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2516"}], "source": {"discovery": "EXTERNAL"}, "title": "Visual Composer Website Builder <= 45.0 - Authenticated Stored Cross-Site Scripting via 'Title'", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "Wordfence", "ASSIGNER": "security@wordfence.com", "ID": "CVE-2022-2516", "STATE": "PUBLIC", "TITLE": "Visual Composer Website Builder <= 45.0 - Authenticated Stored Cross-Site Scripting via 'Title'"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages", "version": {"version_data": [{"version_affected": "<=", "version_name": "45.0", "version_value": "45.0"}]}}]}, "vendor_name": "visualcomposer"}]}}, "credit": [{"lang": "eng", "value": "Zhouyuan Yang"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post/page 'Title' value in versions up to, and including, 45.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the visual composer editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)"}]}]}, "references": {"reference_data": [{"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2778808%40visualcomposer&new=2778808%40visualcomposer&sfp_email=&sfph_mail=", "refsource": "MISC", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2778808%40visualcomposer&new=2778808%40visualcomposer&sfp_email=&sfph_mail="}, {"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2516", "refsource": "MISC", "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2516"}]}, "source": {"discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "assignerShortName": "Wordfence", "cveId": "CVE-2022-2516", "datePublished": "2022-09-06T17:18:58", "dateReserved": "2022-07-22T00:00:00", "dateUpdated": "2022-09-06T17:18:58", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:visualcomposer:visual_composer_website_builder:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "72236E6D-2519-4BD6-9566-9E0ABD983BCF", "versionEndIncluding": "45.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post/page 'Title' value in versions up to, and including, 45.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the visual composer editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}, {"lang": "es", "value": "El plugin Visual Composer Website Builder para WordPress es vulnerable a un ataque de tipo Cross-Site Scripting Almacenado por medio del valor \"Title\" de la entrada/p\u00e1gina en versiones hasta 45.0 incluy\u00e9ndola, debido a un insuficiente saneo de la entrada y escape de la salida. Esto hace posible a atacantes autenticados con acceso al editor de visual composer inyecten scripts web arbitrarios en las p\u00e1ginas que ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada.\n"}], "id": "CVE-2022-2516", "lastModified": "2022-09-13T13:29:59.957", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2022-09-06T18:15:14.133", "references": [{"source": "security@wordfence.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2778808%40visualcomposer&new=2778808%40visualcomposer&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2516"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}