CVE-2022-29449 - OpenCVE

Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Opal Hotel Room Booking plugin <= 1.2.7 at WordPress.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Wpopal	Opal Hotel Room Booking

Configuration 1 [-]

cpe:2.3:a:wpopal:opal_hotel_room_booking:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://patchstack.com/database/vulnerability/opal-hotel-room-booking/wordpress-opal-hotel-room-booking-plugin-1-2-7-stored-cross-site-scripting-xss-vulnerability
https://wordpress.org/plugins/opal-hotel-room-booking/

History

No history.

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2022-05-19T15:15:18.465074Z

Updated: 2024-09-16T16:18:41.740Z

Reserved: 2022-04-18T00:00:00

Link: CVE-2022-29449

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-05-19T16:15:08.060

Modified: 2022-05-25T20:22:05.290

Link: CVE-2022-29449

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Opal Hotel Room Booking (WordPress plugin)", "vendor": "wpopal", "versions": [{"lessThanOrEqual": "1.2.7", "status": "affected", "version": "<= 1.2.7", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Vulnerability discovered by Ngo Van Thien (Patchstack Alliance)"}], "datePublic": "2022-05-17T00:00:00", "descriptions": [{"lang": "en", "value": "Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Opal Hotel Room Booking plugin <= 1.2.7 at WordPress."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-19T15:15:18", "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://wordpress.org/plugins/opal-hotel-room-booking/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://patchstack.com/database/vulnerability/opal-hotel-room-booking/wordpress-opal-hotel-room-booking-plugin-1-2-7-stored-cross-site-scripting-xss-vulnerability"}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress Opal Hotel Room Booking plugin <= 1.2.7 - Stored Cross-Site Scripting (XSS) vulnerability", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "audit@patchstack.com", "DATE_PUBLIC": "2022-05-17T14:10:00.000Z", "ID": "CVE-2022-29449", "STATE": "PUBLIC", "TITLE": "WordPress Opal Hotel Room Booking plugin <= 1.2.7 - Stored Cross-Site Scripting (XSS) vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Opal Hotel Room Booking (WordPress plugin)", "version": {"version_data": [{"version_affected": "<=", "version_name": "<= 1.2.7", "version_value": "1.2.7"}]}}]}, "vendor_name": "wpopal"}]}}, "credit": [{"lang": "eng", "value": "Vulnerability discovered by Ngo Van Thien (Patchstack Alliance)"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Opal Hotel Room Booking plugin <= 1.2.7 at WordPress."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)"}]}]}, "references": {"reference_data": [{"name": "https://wordpress.org/plugins/opal-hotel-room-booking/", "refsource": "CONFIRM", "url": "https://wordpress.org/plugins/opal-hotel-room-booking/"}, {"name": "https://patchstack.com/database/vulnerability/opal-hotel-room-booking/wordpress-opal-hotel-room-booking-plugin-1-2-7-stored-cross-site-scripting-xss-vulnerability", "refsource": "CONFIRM", "url": "https://patchstack.com/database/vulnerability/opal-hotel-room-booking/wordpress-opal-hotel-room-booking-plugin-1-2-7-stored-cross-site-scripting-xss-vulnerability"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T06:26:05.135Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://wordpress.org/plugins/opal-hotel-room-booking/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/opal-hotel-room-booking/wordpress-opal-hotel-room-booking-plugin-1-2-7-stored-cross-site-scripting-xss-vulnerability"}]}]}, "cveMetadata": {"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "assignerShortName": "Patchstack", "cveId": "CVE-2022-29449", "datePublished": "2022-05-19T15:15:18.465074Z", "dateReserved": "2022-04-18T00:00:00", "dateUpdated": "2024-09-16T16:18:41.740Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wpopal:opal_hotel_room_booking:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "FB24270F-92CA-42F3-ACDD-CB90B0CA558A", "versionEndIncluding": "1.2.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Opal Hotel Room Booking plugin <= 1.2.7 at WordPress."}, {"lang": "es", "value": "Una vulnerabilidad de tipo Cross-Site Scripting (XSS) autenticado (rol de colaborador o usuario superior) en el plugin Opal Hotel Room Booking versiones anteriores a 1.2.7 incluy\u00e9ndola, en WordPress"}], "id": "CVE-2022-29449", "lastModified": "2022-05-25T20:22:05.290", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 1.4, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2022-05-19T16:15:08.060", "references": [{"source": "audit@patchstack.com", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/opal-hotel-room-booking/wordpress-opal-hotel-room-booking-plugin-1-2-7-stored-cross-site-scripting-xss-vulnerability"}, {"source": "audit@patchstack.com", "tags": ["Product"], "url": "https://wordpress.org/plugins/opal-hotel-room-booking/"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "audit@patchstack.com", "type": "Primary"}]}