exploitDog

CVE-2022-2389

Опубликовано: 22 авг. 2022

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

The Abandoned Cart Recovery for WooCommerce, Follow Up Emails, Newsletter Builder & Marketing Automation By Autonami WordPress plugin before 2.1.2 does not have authorisation and CSRF checks in one of its AJAX action, allowing any authenticated users, such as subscriber to create automations

Ссылки

https://wpscan.com/vulnerability/e70f00b7-6251-476e-9297-60af509e6ad9
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/e70f00b7-6251-476e-9297-60af509e6ad9
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:funnelkit:funnelkit_automations:*:*:*:*:*:wordpress:*:*

Версия до 2.1.2 (исключая)

EPSS

Процентиль: 37%

0.00156

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-352

CWE-352

Связанные уязвимости

GHSA-7wc7-7jf5-q238

CVSS3: 4.3

github

больше 3 лет назад

The Abandoned Cart Recovery for WooCommerce, Follow Up Emails, Newsletter Builder & Marketing Automation By Autonami WordPress plugin before 2.1.2 does not have authorisation and CSRF checks in one of its AJAX action, allowing any authenticated users, such as subscriber to create automations

EPSS

Процентиль: 37%

0.00156

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-352

CWE-352