exploitDog

CVE-2022-1589

Опубликовано: 30 мая 2022

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

The Change wp-admin login WordPress plugin before 1.1.0 does not properly check for authorisation and is also missing CSRF check when updating its settings, which could allow unauthenticated users to change the settings. The attacked could also be performed via a CSRF vector

Ссылки

https://wpscan.com/vulnerability/257f9e14-4f43-4852-8384-80c15d087633
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/257f9e14-4f43-4852-8384-80c15d087633
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wpexperts:all_in_one_login:*:*:*:*:-:wordpress:*:*

Версия до 1.1.0 (исключая)

EPSS

Процентиль: 45%

0.00224

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-v43h-w929-q37g

CVSS3: 7.5

github

больше 3 лет назад

The Change wp-admin login WordPress plugin before 1.1.0 does not properly check for authorisation and is also missing CSRF check when updating its settings, which could allow unauthenticated users to change the settings. The attacked could also be performed via a CSRF vector

EPSS

Процентиль: 45%

0.00224

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-352