CVE-2022-1186

EPSS 0.68%
Veröffentlicht 19.04.2022 21:15:13
Zuletzt bearbeitet 21.11.2024 06:40:12
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

Be POPIA Compliant <= 1.1.5 - Sensitive Information Exposure

The WordPress plugin Be POPIA Compliant exposed sensitive information to unauthenticated users consisting of site visitors emails and usernames via an API route, in versions up to an including 1.1.5.

Mögliche Gegenmaßnahme

Be POPIA Compliant: Update to version 1.1.16, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 4 CWE 0 Referenzen 6

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Be POPIA Compliant

Version * - 1.1.5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Web-x ≫ Be Popia Compliant SwPlatformwordpress Version <= 1.1.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.68%	0.707

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
security@wordfence.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2701343%40be-popia-compliant&new=2701343%40be-popia-compliant&sfp_email=&sfph_mail=

Patch

https://www.wordfence.com/threat-intel/vulnerabilities/id/0fcdd6b5-a273-4916-a894-a753be0a7921?source=cve

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/0fcdd6b5-a273-4916-a894-a753be0a7921

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-1186

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-1186

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-1186

EUVD