CVE-2022-2654

Summary

The Classima WordPress theme before 2.1.11 and some of its required plugins (Classified Listing before 2.2.14, Classified Listing Pro before 2.0.20, Classified Listing Store & Membership before 1.4.20 and Classima Core before 1.10) do not escape a parameter before outputting it back in attributes, leading to Reflected Cross-Site Scripting

Affected Software

VendorProductVersion RangeStatus
UnknownClassified Listing – Classified ads & Business Directory Plugin2.2.14 < 2.2.14affected
UnknownClassified Listing Pro - Classified ads & Business Directory Plugin2.0.20 < 2.0.20affected
UnknownClassified Listing Store & Membership Addon1.4.20 < 1.4.20affected
UnknownClassima Core1.10 < 1.10affected
UnknownClassima2.1.11 < 2.1.11affected

Weaknesses

  • CWE-79: CWE-79 Cross-Site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References