CVE-2022-38073 - Vulnerability Details - OpenCVE

Multiple Authenticated (custom specific plugin role) Persistent Cross-Site Scripting (XSS) vulnerability in Awesome Support plugin <= 6.0.7 at WordPress.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00295.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Getawesomesupport	Awesome Support

Configuration 1 [-]

cpe:2.3:a:getawesomesupport:awesome_support:*:*:*:*:*:wordpress:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-6922	Multiple Authenticated (custom specific plugin role) Persistent Cross-Site Scripting (XSS) vulnerability in Awesome Support plugin <= 6.0.7 at WordPress.
Github GHSA	GHSA-qrqm-574x-q7f2	Awesome Support vulnerable to persistent cross-site scripting

Fixes

Solution

Update to 6.0.8 or higher version.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://patchstack.com/database/vulnerability/awesome-support/wordpress-awesome-support-plugin-6-0-7-multiple-authenticated-stored-cross-site-scripting-xss-vulnerabilities
https://wordpress.org/plugins/awesome-support/#developers

History

Fri, 21 Feb 2025 08:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2022-09-21T19:07:42.549Z

Updated: 2025-02-20T20:05:02.689Z

Reserved: 2022-09-14T00:00:00.000Z

Link: CVE-2022-38073

Vulnrichment

Updated: 2024-08-03T10:45:52.285Z

NVD

Status : Modified

Published: 2022-09-21T20:15:10.830

Modified: 2024-11-21T07:15:43.467

Link: CVE-2022-38073

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "Awesome Support (WordPress plugin)", "vendor": "Awesome Support Team", "versions": [{"lessThanOrEqual": "6.0.7", "status": "affected", "version": "<= 6.0.7", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Vulnerability discovered by Vlad Vector (Patchstack)"}], "datePublic": "2022-09-14T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Multiple Authenticated (custom specific plugin role) Persistent Cross-Site Scripting (XSS) vulnerability in Awesome Support plugin <= 6.0.7 at WordPress."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-21T19:07:42.000Z", "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://wordpress.org/plugins/awesome-support/#developers"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://patchstack.com/database/vulnerability/awesome-support/wordpress-awesome-support-plugin-6-0-7-multiple-authenticated-stored-cross-site-scripting-xss-vulnerabilities"}], "solutions": [{"lang": "en", "value": "Update to 6.0.8 or higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress Awesome Support plugin <= 6.0.7 - Multiple Authenticated Persistent XSS (Additional Interested Parties)", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "audit@patchstack.com", "DATE_PUBLIC": "2022-09-14T15:53:00.000Z", "ID": "CVE-2022-38073", "STATE": "PUBLIC", "TITLE": "WordPress Awesome Support plugin <= 6.0.7 - Multiple Authenticated Persistent XSS (Additional Interested Parties)"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Awesome Support (WordPress plugin)", "version": {"version_data": [{"version_affected": "<=", "version_name": "<= 6.0.7", "version_value": "6.0.7"}]}}]}, "vendor_name": "Awesome Support Team"}]}}, "credit": [{"lang": "eng", "value": "Vulnerability discovered by Vlad Vector (Patchstack)"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple Authenticated (custom specific plugin role) Persistent Cross-Site Scripting (XSS) vulnerability in Awesome Support plugin <= 6.0.7 at WordPress."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)"}]}]}, "references": {"reference_data": [{"name": "https://wordpress.org/plugins/awesome-support/#developers", "refsource": "CONFIRM", "url": "https://wordpress.org/plugins/awesome-support/#developers"}, {"name": "https://patchstack.com/database/vulnerability/awesome-support/wordpress-awesome-support-plugin-6-0-7-multiple-authenticated-stored-cross-site-scripting-xss-vulnerabilities", "refsource": "CONFIRM", "url": "https://patchstack.com/database/vulnerability/awesome-support/wordpress-awesome-support-plugin-6-0-7-multiple-authenticated-stored-cross-site-scripting-xss-vulnerabilities"}]}, "solution": [{"lang": "en", "value": "Update to 6.0.8 or higher version."}], "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:45:52.285Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://wordpress.org/plugins/awesome-support/#developers"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/awesome-support/wordpress-awesome-support-plugin-6-0-7-multiple-authenticated-stored-cross-site-scripting-xss-vulnerabilities"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-20T19:24:32.612219Z", "id": "CVE-2022-38073", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-20T20:05:02.689Z"}}]}, "cveMetadata": {"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "assignerShortName": "Patchstack", "cveId": "CVE-2022-38073", "datePublished": "2022-09-21T19:07:42.549Z", "dateReserved": "2022-09-14T00:00:00.000Z", "dateUpdated": "2025-02-20T20:05:02.689Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://wordpress.org/plugins/awesome-support/#developers", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://patchstack.com/database/vulnerability/awesome-support/wordpress-awesome-support-plugin-6-0-7-multiple-authenticated-stored-cross-site-scripting-xss-vulnerabilities", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:45:52.285Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-38073", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-20T19:24:32.612219Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-20T19:24:34.069Z"}}], "cna": {"title": "WordPress Awesome Support plugin <= 6.0.7 - Multiple Authenticated Persistent XSS (Additional Interested Parties)", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "value": "Vulnerability discovered by Vlad Vector (Patchstack)"}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "Awesome Support Team", "product": "Awesome Support (WordPress plugin)", "versions": [{"status": "affected", "version": "<= 6.0.7", "versionType": "custom", "lessThanOrEqual": "6.0.7"}]}], "solutions": [{"lang": "en", "value": "Update to 6.0.8 or higher version."}], "datePublic": "2022-09-14T00:00:00.000Z", "references": [{"url": "https://wordpress.org/plugins/awesome-support/#developers", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://patchstack.com/database/vulnerability/awesome-support/wordpress-awesome-support-plugin-6-0-7-multiple-authenticated-stored-cross-site-scripting-xss-vulnerabilities", "tags": ["x_refsource_CONFIRM"]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "descriptions": [{"lang": "en", "value": "Multiple Authenticated (custom specific plugin role) Persistent Cross-Site Scripting (XSS) vulnerability in Awesome Support plugin <= 6.0.7 at WordPress."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS)"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2022-09-21T19:07:42.000Z"}, "x_legacyV4Record": {"credit": [{"lang": "eng", "value": "Vulnerability discovered by Vlad Vector (Patchstack)"}], "impact": {"cvss": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, "source": {"discovery": "EXTERNAL"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_name": "<= 6.0.7", "version_value": "6.0.7", "version_affected": "<="}]}, "product_name": "Awesome Support (WordPress plugin)"}]}, "vendor_name": "Awesome Support Team"}]}}, "solution": [{"lang": "en", "value": "Update to 6.0.8 or higher version."}], "data_type": "CVE", "generator": {"engine": "Vulnogram 0.0.9"}, "references": {"reference_data": [{"url": "https://wordpress.org/plugins/awesome-support/#developers", "name": "https://wordpress.org/plugins/awesome-support/#developers", "refsource": "CONFIRM"}, {"url": "https://patchstack.com/database/vulnerability/awesome-support/wordpress-awesome-support-plugin-6-0-7-multiple-authenticated-stored-cross-site-scripting-xss-vulnerabilities", "name": "https://patchstack.com/database/vulnerability/awesome-support/wordpress-awesome-support-plugin-6-0-7-multiple-authenticated-stored-cross-site-scripting-xss-vulnerabilities", "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Multiple Authenticated (custom specific plugin role) Persistent Cross-Site Scripting (XSS) vulnerability in Awesome Support plugin <= 6.0.7 at WordPress."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-38073", "STATE": "PUBLIC", "TITLE": "WordPress Awesome Support plugin <= 6.0.7 - Multiple Authenticated Persistent XSS (Additional Interested Parties)", "ASSIGNER": "audit@patchstack.com", "DATE_PUBLIC": "2022-09-14T15:53:00.000Z"}}}}, "cveMetadata": {"cveId": "CVE-2022-38073", "state": "PUBLISHED", "dateUpdated": "2025-02-20T20:05:02.689Z", "dateReserved": "2022-09-14T00:00:00.000Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2022-09-21T19:07:42.549Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:getawesomesupport:awesome_support:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "634DFA2E-035C-4EC6-BA23-2171D367CC7A", "versionEndIncluding": "6.0.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple Authenticated (custom specific plugin role) Persistent Cross-Site Scripting (XSS) vulnerability in Awesome Support plugin <= 6.0.7 at WordPress."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de tipo Cross-Site Scripting (XSS) Persistente Autenticado (rol espec\u00edfico del plugin) en el plugin Awesome Support versiones anteriores a 6.0.7 incluy\u00e9ndola, en WordPress"}], "id": "CVE-2022-38073", "lastModified": "2024-11-21T07:15:43.467", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "audit@patchstack.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-21T20:15:10.830", "references": [{"source": "audit@patchstack.com", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/awesome-support/wordpress-awesome-support-plugin-6-0-7-multiple-authenticated-stored-cross-site-scripting-xss-vulnerabilities"}, {"source": "audit@patchstack.com", "tags": ["Product", "Release Notes"], "url": "https://wordpress.org/plugins/awesome-support/#developers"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/awesome-support/wordpress-awesome-support-plugin-6-0-7-multiple-authenticated-stored-cross-site-scripting-xss-vulnerabilities"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product", "Release Notes"], "url": "https://wordpress.org/plugins/awesome-support/#developers"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "audit@patchstack.com", "type": "Secondary"}]}