Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for Progressive License by Unknown
CVE-2022-2171 (GCVE-0-2022-2171)
Vulnerability from nvd – Published: 2022-08-01 12:49 – Updated: 2024-08-03 00:32
VLAI?
Title
Progressive License <= 1.1.0 - CSRF to Stored XSS
Summary
The Progressive License WordPress plugin through 1.1.0 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the settings, this could lead to Stored XSS issue which will be triggered in the frontend as well.
Severity ?
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Progressive License |
Affected:
1.1.0 , ≤ 1.1.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:07.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/11937296-7ecf-4b94-b274-06f7990dbede"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Progressive License",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "1.1.0",
"status": "affected",
"version": "1.1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Daniel Ruf"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Progressive License WordPress plugin through 1.1.0 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the settings, this could lead to Stored XSS issue which will be triggered in the frontend as well."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-01T12:49:33.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/11937296-7ecf-4b94-b274-06f7990dbede"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Progressive License \u003c= 1.1.0 - CSRF to Stored XSS",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-2171",
"STATE": "PUBLIC",
"TITLE": "Progressive License \u003c= 1.1.0 - CSRF to Stored XSS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Progressive License",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.1.0",
"version_value": "1.1.0"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Daniel Ruf"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Progressive License WordPress plugin through 1.1.0 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the settings, this could lead to Stored XSS issue which will be triggered in the frontend as well."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/11937296-7ecf-4b94-b274-06f7990dbede",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/11937296-7ecf-4b94-b274-06f7990dbede"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2171",
"datePublished": "2022-08-01T12:49:33.000Z",
"dateReserved": "2022-06-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:32:07.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2171 (GCVE-0-2022-2171)
Vulnerability from cvelistv5 – Published: 2022-08-01 12:49 – Updated: 2024-08-03 00:32
VLAI?
Title
Progressive License <= 1.1.0 - CSRF to Stored XSS
Summary
The Progressive License WordPress plugin through 1.1.0 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the settings, this could lead to Stored XSS issue which will be triggered in the frontend as well.
Severity ?
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Progressive License |
Affected:
1.1.0 , ≤ 1.1.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:07.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/11937296-7ecf-4b94-b274-06f7990dbede"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Progressive License",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "1.1.0",
"status": "affected",
"version": "1.1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Daniel Ruf"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Progressive License WordPress plugin through 1.1.0 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the settings, this could lead to Stored XSS issue which will be triggered in the frontend as well."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-01T12:49:33.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/11937296-7ecf-4b94-b274-06f7990dbede"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Progressive License \u003c= 1.1.0 - CSRF to Stored XSS",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-2171",
"STATE": "PUBLIC",
"TITLE": "Progressive License \u003c= 1.1.0 - CSRF to Stored XSS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Progressive License",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.1.0",
"version_value": "1.1.0"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Daniel Ruf"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Progressive License WordPress plugin through 1.1.0 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the settings, this could lead to Stored XSS issue which will be triggered in the frontend as well."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/11937296-7ecf-4b94-b274-06f7990dbede",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/11937296-7ecf-4b94-b274-06f7990dbede"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2171",
"datePublished": "2022-08-01T12:49:33.000Z",
"dateReserved": "2022-06-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:32:07.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}