CVE-2022-38135

Опубликовано: 12 сент. 2022

Источник: nvd

CVSS3: 5.4

CVSS3: 4.3

EPSS Низкий

Описание

Broken Access Control vulnerability in Dean Oakley's Photospace Gallery plugin <= 2.3.5 at WordPress allows users with subscriber or higher role to change plugin settings.

Ссылки

https://patchstack.com/database/vulnerability/photospace/wordpress-photospace-gallery-plugin-2-3-5-broken-access-control-vulnerability
Third Party Advisory
https://wordpress.org/plugins/photospace/
Product
Third Party Advisory
https://patchstack.com/database/vulnerability/photospace/wordpress-photospace-gallery-plugin-2-3-5-broken-access-control-vulnerability
Third Party Advisory
https://wordpress.org/plugins/photospace/
Product
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:photospace_gallery_project:photospace_gallery:*:*:*:*:*:wordpress:*:*

Версия до 2.3.5 (включая)

EPSS

Процентиль: 39%

0.00178

Низкий

5.4 Medium

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-264

NVD-CWE-Other

Связанные уязвимости

GHSA-cvjg-9hcx-pvx4

CVSS3: 6.5

github

больше 3 лет назад

Broken Access Control vulnerability in Dean Oakley's Photospace Gallery plugin <= 2.3.5 at WordPress allows users with subscriber or higher role to change plugin settings.

EPSS

Процентиль: 39%

0.00178

Низкий

5.4 Medium

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-264

NVD-CWE-Other