exploitDog

CVE-2022-4384

Опубликовано: 06 фев. 2023

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

The Stream WordPress plugin before 3.9.2 does not prevent users with little privileges on the site (like subscribers) from using its alert creation functionality, which may enable them to leak sensitive information.

Ссылки

https://wpscan.com/vulnerability/2b506252-6f37-439e-8984-7316d5cca2e5
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/2b506252-6f37-439e-8984-7316d5cca2e5
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:xwp:stream:*:*:*:*:*:wordpress:*:*

Версия до 3.9.2 (исключая)

EPSS

Процентиль: 72%

0.00712

Низкий

6.5 Medium

CVSS3

Дефекты

Связанные уязвимости

GHSA-frh4-4pfg-65vw

CVSS3: 6.5

github

около 3 лет назад

The Stream WordPress plugin before 3.9.2 does not prevent users with little privileges on the site (like subscribers) from using its alert creation functionality, which may enable them to leak sensitive information.

EPSS

Процентиль: 72%

0.00712

Низкий

6.5 Medium

CVSS3

Дефекты