5.3
CVE-2022-0188
- EPSS 2.38%
- Veröffentlicht 14.02.2022 12:15:16
- Zuletzt bearbeitet 21.11.2024 06:38:06
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginComing Soon & Maintenance Plugin by NiteoThemes < 4.0.19 - Unauthenticated Arbitrary CSS Update
CMP - Coming Soon & Maintenance Plugin <= 4.0.18 - Unauthenticated Arbitrary CSS Update
The CMP WordPress plugin before 4.0.19 allows any user, even not logged in, to arbitrarily change the coming soon page layout.
Mögliche Gegenmaßnahme
CMP – Coming Soon & Maintenance Plugin by NiteoThemes: Update to version 4.0.19, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Niteothemes ≫ Cmp SwPlatformwordpress Version < 4.0.19
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
CMP – Coming Soon & Maintenance Plugin by NiteoThemes
Version
[*, 4.0.19)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.38% | 0.817 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
https://plugins.trac.wordpress.org/changeset/2657597/cmp-coming-soon-maintenance
https://wpscan.com/vulnerability/50b6f770-6f53-41ef-b2f3-2a58e9afd332
https://www.wordfence.com/threat-intel/vulnerabilities/id/b4956173-b306-401c-b966-df884e8979e0