exploitDog

CVE-2022-3451

Опубликовано: 07 нояб. 2022

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

The Product Stock Manager WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks in multiple AJAX actions, allowing users with a role as low as subscriber to call them. One action in particular could allow to update arbitrary options

Ссылки

https://wpscan.com/vulnerability/d8005cd0-8232-4d43-a4e4-14728eaf1300
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/d8005cd0-8232-4d43-a4e4-14728eaf1300
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:addify:product_stock_manager:*:*:*:*:*:wordpress:*:*

Версия до 1.0.5 (исключая)

EPSS

Процентиль: 24%

0.00078

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-352

CWE-352

Связанные уязвимости

GHSA-f6x7-qg62-r396

CVSS3: 4.3

github

больше 3 лет назад

The Product Stock Manager WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks in multiple AJAX actions, allowing users with a role as low as subscriber to call them. One action in particular could allow to update arbitrary options

EPSS

Процентиль: 24%

0.00078

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-352

CWE-352