6.5

CVE-2022-1663

Exploit

EPSS 0.22%
Veröffentlicht 29.08.2022 18:15:08
Zuletzt bearbeitet 21.11.2024 06:41:12
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

Stop Spam Comments <= 0.2.1.2 - Protection Mechanism Bypass

The Stop Spam Comments WordPress plugin through 0.2.1.2 does not properly generate the Javascript access token for preventing abuse of comment section, allowing threat authors to easily collect the value and add it to the request.

Mögliche Gegenmaßnahme

Stop Spam Comments: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Stop Spam Comments

Version *-0.2.1.2

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Stop Spam Comments Project ≫ Stop Spam Comments SwPlatformwordpress Version <= 0.2.1.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.22%	0.44

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://wpscan.com/vulnerability/30820be1-e96a-4ff6-b1ec-efda14069e70

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/62061cf9-cdbf-4cb2-9890-36bdcbc65c21

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-1663

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-1663

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-1663

EUVD