exploitDog

CVE-2022-40223

Опубликовано: 08 нояб. 2022

Источник: nvd

CVSS3: 5.4

CVSS3: 4.3

EPSS Низкий

Описание

Nonce token leakage and missing authorization in SearchWP premium plugin <= 4.2.5 on WordPress leading to plugin settings change.

Ссылки

https://patchstack.com/database/vulnerability/searchwp/wordpress-searchwp-premium-plugin-4-2-5-broken-authentication-vulnerability?_s_id=cve
Third Party Advisory
https://searchwp.com/documentation/changelog/
Release Notes
Vendor Advisory
https://patchstack.com/database/vulnerability/searchwp/wordpress-searchwp-premium-plugin-4-2-5-broken-authentication-vulnerability?_s_id=cve
Third Party Advisory
https://searchwp.com/documentation/changelog/
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:searchwp:searchwp:*:*:*:*:*:wordpress:*:*

Версия до 4.2.5 (включая)

EPSS

Процентиль: 57%

0.00346

Низкий

5.4 Medium

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-862

CWE-862

Связанные уязвимости

GHSA-fqqv-r25w-2p97

CVSS3: 4.3

github

около 3 лет назад

Nonce token leakage and missing authorization in SearchWP premium plugin <= 4.2.5 on WordPress leading to plugin settings change.

EPSS

Процентиль: 57%

0.00346

Низкий

5.4 Medium

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-862

CWE-862