exploitDog

CVE-2022-3419

Опубликовано: 31 окт. 2022

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

The Automatic User Roles Switcher WordPress plugin before 1.1.2 does not have authorisation and proper CSRF checks, allowing any authenticated users like subscriber to add any role to themselves, such as administrator

Ссылки

https://wpscan.com/vulnerability/5909a423-9841-449c-a569-f687c609817b
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/5909a423-9841-449c-a569-f687c609817b
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:addify:automatic_user_roles_switcher:*:*:*:*:*:wordpress:*:*

Версия до 1.1.2 (исключая)

EPSS

Процентиль: 41%

0.00188

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-269

Связанные уязвимости

GHSA-w8cr-4wjm-8jwj

CVSS3: 6.5

github

больше 3 лет назад

The Automatic User Roles Switcher WordPress plugin before 1.1.2 does not have authorisation and proper CSRF checks, allowing any authenticated users like subscriber to add any role to themselves, such as administrator

EPSS

Процентиль: 41%

0.00188

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-269