exploitDog

CVE-2022-1956

Опубликовано: 11 июл. 2022

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

The Shortcut Macros WordPress plugin through 1.3 does not have authorisation and CSRF checks in place when updating its settings, which could allow any authenticated users, such as subscriber, to update them.

Ссылки

https://wpscan.com/vulnerability/ef6d0393-0ce3-465c-84c8-53bf8c58958a
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/ef6d0393-0ce3-465c-84c8-53bf8c58958a
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:shortcut_macros_project:shortcut_macros:*:*:*:*:*:wordpress:*:*

Версия до 1.3 (включая)

EPSS

Процентиль: 24%

0.0008

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-6hmw-jrmv-2xhg

CVSS3: 6.5

github

больше 3 лет назад

The Shortcut Macros WordPress plugin through 1.3 does not have authorisation and CSRF checks in place when updating its settings, which could allow any authenticated users, such as subscriber, to update them.

EPSS

Процентиль: 24%

0.0008

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-352