CVE-2022-4755 LOW

CVE-2022-4755: FlatPress Media Manager Plugin panel.mediamanager.file.php main cross site scripting

Vendor N/A
Product FlatPress
Weakness CWE-79 · XSS
Published December 27, 2022
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

3.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability was found in FlatPress and classified as problematic. This issue affects the function main of the file fp-plugins/mediamanager/panels/panel.mediamanager.file.php of the component Media Manager Plugin. The manipulation of the argument mm-newgallery-name leads to cross site scripting. The attack may be initiated remotely. The name of the patch is d3f329496536dc99f9707f2f295d571d65a496f5. It is recommended to apply a patch to fix this issue. The identifier VDB-216869 was assigned to this vulnerability.

Key dates

02Disclosure timeline

December 27, 2022 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-22132 WeGIA has a Cross-Site Scripting (XSS) in File Upload Field CVE-2024-53709 WordPress Generic Elements plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability CVE-2025-53933 WeGIA vulnerable to Stored Cross-Site Scripting via endpoint 'adicionar_enfermidade.php' parameter 'nome' CVE-2025-54724 WordPress Golo Theme <= 1.7.1 - Cross Site Scripting (XSS) Vulnerability CVE-2025-31625 WordPress Useinfluence plugin <= 1.0.8 - Cross Site Request Forgery (CSRF) vulnerability