CVE-2022-45082

MEDIUM

Published Nov 18, 20223y ago · Modified Jun 17, 20261w ago

4.8 CVSS 3.1

Medium

Published Nov 18, 2022 3y ago

Last Modified Jun 17, 2026 1w ago

Description

Multiple Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilities in Accordions plugin <= 2.0.3 on WordPress via &addons-style-name and &accordions_or_faqs_license_key.

CVSS Details

Base Score

4.8

Exploitability

1.7

Impact

2.7

Vector string

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Attack Vector Network

Attack Complexity Low

Privileges Required High

User Interaction Required

Scope Changed

Confidentiality Low

Integrity Low

Availability None

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 1

Vendor	Product	Version	Range
oxilab	accordions	*	<2.1.0

References 2

patchstack.com https://patchstack.com/database/vulnerability/accordions-or-faqs/wordpress-accordions-plugin-2-0-3-multiple-auth-stored-cross-site-scripting-xss-vulnerabilities?_s_id=cve

Third Party Advisory
wordpress.org https://wordpress.org/plugins/accordions-or-faqs/#developers

Release NotesThird Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.