CVE-2022-0989

HIGH

NS WooCommerce Watermark < 2.11.3 - Unauthenticated Cross-Site Scripting via Image Loading

Title source: llm
STIX 2.1

Description

An unprivileged user could use the functionality of the NS WooCommerce Watermark WordPress plugin through 2.11.3 to load images that hide malware for example from passing malicious domains to hide their trace, by making them pass through the vulnerable domain.

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/a6bfc150-8e3f-4b2d-a6e1-09406af41dd4

Scores

CVSS v3 7.5
EPSS 0.0119
EPSS Percentile 63.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-80
Status published
Products (1)
nsthemes/ns_watermark_for_woocommerce < 2.11.3
Published Apr 11, 2022
Tracked Since Feb 18, 2026