CVE-2022-0188

Exploit

EPSS 7.49%
Veröffentlicht 14.02.2022 12:15:16
Zuletzt bearbeitet 21.11.2024 06:38:06
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

CMP - Coming Soon & Maintenance Plugin <= 4.0.18 - Unauthenticated Arbitrary CSS Update

The CMP WordPress plugin before 4.0.19 allows any user, even not logged in, to arbitrarily change the coming soon page layout.

Mögliche Gegenmaßnahme

CMP – Coming Soon & Maintenance Plugin by NiteoThemes: Update to version 4.0.19, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt CMP – Coming Soon & Maintenance Plugin by NiteoThemes

Version [*, 4.0.19)

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Niteothemes ≫ Cmp SwPlatformwordpress Version < 4.0.19

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	7.49%	0.916

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://plugins.trac.wordpress.org/changeset/2657597/cmp-coming-soon-maintenance

Patch

Third Party Advisory

https://wpscan.com/vulnerability/50b6f770-6f53-41ef-b2f3-2a58e9afd332

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/b4956173-b306-401c-b966-df884e8979e0

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-0188

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-0188

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-0188

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-0188