{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-22T03:36:22.471","vulnerabilities":[{"cve":{"id":"CVE-2022-3402","sourceIdentifier":"security@wordfence.com","published":"2022-10-28T19:15:09.857","lastModified":"2026-06-17T04:59:27.820","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Log HTTP Requests plugin for WordPress is vulnerable to Stored Cross-Site Scripting via logged HTTP requests in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers who can trick a site's administrator into performing an action like clicking on a link, or an authenticated user with access to a page that sends a request using user-supplied data via the server, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."},{"lang":"es","value":"El complemento Log HTTP Requests para WordPress es vulnerable a Stored Cross-Site Scripting a través de solicitudes HTTP registradas en versiones hasta la 1.3.1 inclusive debido a una sanitización de entrada y un escape de salida insuficientes. Esto hace posible que atacantes no autenticados que pueden engañar al administrador de un sitio para que realice una acción como hacer clic en un enlace, o a un usuario autenticado con acceso a una página que envía una solicitud utilizando datos proporcionados por el usuario a través del servidor, inyecten scripts web arbitrarios en páginas que se ejecutarán cada vez que un usuario acceda a una página inyectada."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"mgibbs189","product":"Log HTTP Requests","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.3.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-01-31T18:46:50.696022Z","id":"CVE-2022-3402","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:facetwp:log_http_requests:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"1.3.2","matchCriteriaId":"694404FF-7E7E-4837-A838-F64AF9119A5F"}]}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2770821%40log-http-requests&new=2770821%40log-http-requests&sfp_email=&sfph_mail=","source":"security@wordfence.com","tags":["Patch","Third Party Advisory"]},{"url":"https://wordpress.org/plugins/log-http-requests/#developers","source":"security@wordfence.com","tags":["Product","Release Notes","Third Party Advisory"]},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b12b0a2a-3c3c-4d9c-a404-c8f170638e31?source=cve","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-3402","source":"security@wordfence.com","tags":["Third Party Advisory"]},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2770821%40log-http-requests&new=2770821%40log-http-requests&sfp_email=&sfph_mail=","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://wordpress.org/plugins/log-http-requests/#developers","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product","Release Notes","Third Party Advisory"]},{"url":"https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-3402","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}