CVE-2022-4872
CVSS V2 None
CVSS V3 None
Description
The Chained Products WordPress plugin before 2.12.0 does not have authorisation and CSRF checks, as well as does not ensure that the option to be updated belong to the plugin, allowing unauthenticated attackers to set arbitrary options to 'no'
Overview
- CVE ID
- CVE-2022-4872
- Assigner
- contact@wpscan.com
- Vulnerability Status
- Analyzed
- Published Version
- 2023-01-30T21:15:12
- Last Modified Date
- 2023-02-07T01:40:31
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:chained_products_project:chained_products:*:*:*:*:*:wordpress:*:* | 1 | OR | 2.12.0 |
References
| Reference URL | Reference Tags |
|---|---|
| https://wpscan.com/vulnerability/c76a1c0b-8a5b-4639-85b6-9eebc63c3aa6 | Exploit Third Party Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-4872 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4872 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2023-04-17 06:57:18 | Added to TrackCVE | |||
| 2023-04-17 06:57:20 | Weakness Enumeration | new |