CVE-2022-29417

Опубликовано: 25 апр. 2022

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

Plugin Settings Update vulnerability in ShortPixel's ShortPixel Adaptive Images plugin <= 3.3.1 at WordPress allows an attacker with a low user role like a subscriber or higher to change the plugin settings.

Ссылки

https://patchstack.com/database/vulnerability/shortpixel-adaptive-images/wordpress-shortpixel-adaptive-images-plugin-3-3-1-subscriber-plugin-settings-update-vulnerability
Release Notes
Third Party Advisory
https://wordpress.org/plugins/shortpixel-adaptive-images/#developers
Release Notes
Third Party Advisory
https://patchstack.com/database/vulnerability/shortpixel-adaptive-images/wordpress-shortpixel-adaptive-images-plugin-3-3-1-subscriber-plugin-settings-update-vulnerability
Release Notes
Third Party Advisory
https://wordpress.org/plugins/shortpixel-adaptive-images/#developers
Release Notes
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:shortpixel:shortpixel_adaptive_images:*:*:*:*:*:wordpress:*:*

Версия до 3.3.1 (включая)

EPSS

Процентиль: 34%

0.00135

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-284

NVD-CWE-Other

Связанные уязвимости

GHSA-2w64-8h5x-5x42