CVE-2022-40206

Опубликовано: 08 нояб. 2022

Источник: nvd

CVSS3: 6.3

CVSS3: 4.3

EPSS Низкий

Описание

Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as private/public.

Ссылки

https://patchstack.com/database/vulnerability/wpforo/wordpress-wpforo-forum-plugin-2-0-5-insecure-direct-object-references-idor-vulnerability?_s_id=cve
Third Party Advisory
https://wordpress.org/plugins/wpforo/
Product
Release Notes
Third Party Advisory
https://patchstack.com/database/vulnerability/wpforo/wordpress-wpforo-forum-plugin-2-0-5-insecure-direct-object-references-idor-vulnerability?_s_id=cve
Third Party Advisory
https://wordpress.org/plugins/wpforo/
Product
Release Notes
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gvectors:wpforo_forum:*:*:*:*:*:wordpress:*:*

Версия до 2.0.5 (включая)

EPSS

Процентиль: 43%

0.00211

Низкий

6.3 Medium

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-639

Связанные уязвимости

GHSA-vf5x-8r9f-vm4f

CVSS3: 4.3

github

около 3 лет назад

Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as private/public.

EPSS

Процентиль: 43%

0.00211

Низкий

6.3 Medium

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-639