exploitDog

CVE-2022-3805

Published: 22 Dec 2022
Source: nvd
CVSS3: 8.6
CVSS3: 7.5
EPSS Medium

Description

The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users can use an easily available nonce, obtained from pages edited by the plugin, to update the MailChimp API key, global styles, 404 page settings, and enabled elements.

Vulnerable configurations

Configuration 1
cpe:2.3:a:jegtheme:jeg_elementor_kit:*:*:*:*:*:wordpress:*:*
Versions before 2.5.7 (exclusive)

EPSS

Percentile: 94%
0.12506
Medium

8.6 High

CVSS3

7.5 High

CVSS3

Weaknesses

Related vulnerabilities

CVSS3: 7.5
github
about 3 years ago

The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users can use an easily available nonce, obtained from pages edited by the plugin, to update the MailChimp API key, global styles, 404 page settings, and enabled elements.
