CVE-2022-40205

Опубликовано: 08 нояб. 2022

Источник: nvd

CVSS3: 5.4

CVSS3: 4.3

EPSS Низкий

Описание

Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as solved/unsolved.

Ссылки

https://patchstack.com/database/vulnerability/wpforo/wordpress-wpforo-forum-plugin-2-0-5-insecure-direct-object-references-idor-vulnerability-2?_s_id=cve
Third Party Advisory
https://wordpress.org/plugins/wpforo/
Product
Release Notes
Third Party Advisory
https://patchstack.com/database/vulnerability/wpforo/wordpress-wpforo-forum-plugin-2-0-5-insecure-direct-object-references-idor-vulnerability-2?_s_id=cve
Third Party Advisory
https://wordpress.org/plugins/wpforo/
Product
Release Notes
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gvectors:wpforo_forum:*:*:*:*:*:wordpress:*:*

Версия до 2.0.5 (включая)

EPSS

Процентиль: 41%

0.00188

Низкий

5.4 Medium

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-639

Связанные уязвимости

GHSA-wjv9-hqx9-p9x7

CVSS3: 4.3

github

около 3 лет назад

EPSS

Процентиль: 41%

0.00188

Низкий

5.4 Medium

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-639