CVE-2022-1772 - Vulnerability Details - OpenCVE

The Google Places Reviews WordPress plugin before 2.0.0 does not properly escape its Google API key setting, which is reflected on the site's administration panel. A malicious administrator could abuse this bug, in a multisite WordPress configuration, to trick super-administrators into viewing the booby-trapped payload and taking over their account.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.02383.

Key SSVC decision points have not yet been added.

Vendors	Products
Google Places Reviews Project	Google Places Reviews

Configuration 1 [-]

cpe:2.3:a:google_places_reviews_project:google_places_reviews:*:*:*:*:*:wordpress:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-25053	The Google Places Reviews WordPress plugin before 2.0.0 does not properly escape its Google API key setting, which is reflected on the site's administration panel. A malicious administrator could abuse this bug, in a multisite WordPress configuration, to trick super-administrators into viewing the booby-trapped payload and taking over their account.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://wpscan.com/vulnerability/02addade-d191-4e45-b7b5-2f3f673679ab

History

No history.

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2022-06-13T12:42:45

Updated: 2024-08-03T00:16:59.892Z

Reserved: 2022-05-17T00:00:00

Link: CVE-2022-1772

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-06-13T13:15:12.437

Modified: 2024-11-21T06:41:26.137

Link: CVE-2022-1772

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "Google Places Reviews", "vendor": "Unknown", "versions": [{"lessThan": "2.0.0", "status": "affected", "version": "2.0.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Krishna Harsha Kondaveeti"}], "descriptions": [{"lang": "en", "value": "The Google Places Reviews WordPress plugin before 2.0.0 does not properly escape its Google API key setting, which is reflected on the site's administration panel. A malicious administrator could abuse this bug, in a multisite WordPress configuration, to trick super-administrators into viewing the booby-trapped payload and taking over their account."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-06-13T12:42:45", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/02addade-d191-4e45-b7b5-2f3f673679ab"}], "source": {"discovery": "EXTERNAL"}, "title": "Google Places Review < 2.0.0 - Admin+ Stored Cross Site Scripting ", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2022-1772", "STATE": "PUBLIC", "TITLE": "Google Places Review < 2.0.0 - Admin+ Stored Cross Site Scripting "}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Google Places Reviews", "version": {"version_data": [{"version_affected": "<", "version_name": "2.0.0", "version_value": "2.0.0"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "Krishna Harsha Kondaveeti"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Google Places Reviews WordPress plugin before 2.0.0 does not properly escape its Google API key setting, which is reflected on the site's administration panel. A malicious administrator could abuse this bug, in a multisite WordPress configuration, to trick super-administrators into viewing the booby-trapped payload and taking over their account."}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/02addade-d191-4e45-b7b5-2f3f673679ab", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/02addade-d191-4e45-b7b5-2f3f673679ab"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:16:59.892Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpscan.com/vulnerability/02addade-d191-4e45-b7b5-2f3f673679ab"}]}]}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2022-1772", "datePublished": "2022-06-13T12:42:45", "dateReserved": "2022-05-17T00:00:00", "dateUpdated": "2024-08-03T00:16:59.892Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google_places_reviews_project:google_places_reviews:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "E3777A1B-C631-42CB-9880-368D222CB0B7", "versionEndExcluding": "2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Google Places Reviews WordPress plugin before 2.0.0 does not properly escape its Google API key setting, which is reflected on the site's administration panel. A malicious administrator could abuse this bug, in a multisite WordPress configuration, to trick super-administrators into viewing the booby-trapped payload and taking over their account."}, {"lang": "es", "value": "El plugin Google Places Reviews de WordPress versiones anteriores a 2.0.0, no escapa correctamente de la configuraci\u00f3n de la clave de la API de Google, que es reflejado en el panel de administraci\u00f3n del sitio. Un administrador malicioso podr\u00eda abusar de este error, en una configuraci\u00f3n de WordPress multisitio, para enga\u00f1ar a super administradores para que vean la carga \u00fatil con trampa y tomen el control de su cuenta"}], "id": "CVE-2022-1772", "lastModified": "2024-11-21T06:41:26.137", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-06-13T13:15:12.437", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/02addade-d191-4e45-b7b5-2f3f673679ab"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/02addade-d191-4e45-b7b5-2f3f673679ab"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "contact@wpscan.com", "type": "Secondary"}]}