exploitDog

CVE-2022-0444

Опубликовано: 27 июн. 2022

Источник: nvd

CVSS3: 4.3

CVSS2: 4.3

EPSS Низкий

Описание

The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin WordPress plugin before 4.3.6 does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated attackers to reset them, including generating a new backup encryption key.

Ссылки

https://wpscan.com/vulnerability/9567d295-43c7-4e59-9283-c7726f16d40b
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/9567d295-43c7-4e59-9283-c7726f16d40b
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:watchful:xcloner:*:*:*:*:*:wordpress:*:*

Версия до 4.3.6 (исключая)

EPSS

Процентиль: 22%

0.00073

Низкий

4.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-c7r4-v2h5-45gx

CVSS3: 4.3

github

больше 3 лет назад

The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin WordPress plugin before 4.3.6 does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated attackers to reset them, including generating a new backup encryption key.

EPSS

Процентиль: 22%

0.00073

Низкий

4.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352