4.3

CVE-2022-0287

Exploit

EPSS 0.25%
Veröffentlicht 25.04.2022 16:16:07
Zuletzt bearbeitet 17.10.2025 16:52:50
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin <= 2.4.3 - Missing Authorization

The myCred WordPress plugin before 2.4.4.1 does not have any authorisation in place in its mycred-tools-select-user AJAX action, allowing any authenticated user, such as subscriber to call and retrieve all email addresses from the blog

Mögliche Gegenmaßnahme

Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred: Update to version 2.4.3.1, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred

Version [*, 2.4.3.1)

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wpexperts ≫ Mycred SwPlatformwordpress Version < 2.4.4.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.25%	0.478

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://wpscan.com/vulnerability/6cd7cd6d-1cc1-472c-809b-b66389f149b0

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/80b15512-210c-4c6b-a3ad-f5d6042091a3

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-0287

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-0287

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-0287

EUVD