CVE-2022-2219

moderate-risk
Published 2022-07-25

The Unyson WordPress plugin before 2.7.27 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting

Do I need to act?

!
16.6% chance of exploitation in next 30 days
EPSS score — higher than 83% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.2/10 High
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Brizy

References (2)

Exploit https://wpscan.com/vulnerability/1240797c-7f45-4c36-83f0-501c544ce76a
Exploit https://wpscan.com/vulnerability/1240797c-7f45-4c36-83f0-501c544ce76a
44
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 13/34 · Low
Exposure 5/34 · Minimal