6.5
CVE-2022-2108
- EPSS 0.69%
- Veröffentlicht 18.07.2022 17:15:08
- Zuletzt bearbeitet 05.05.2025 17:18:08
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginWbcom Designs – BuddyPress Group Reviews <= 2.8.3 - Unauthorized AJAX Actions due to Nonce Bypass
The plugin Wbcom Designs – BuddyPress Group Reviews for WordPress is vulnerable to unauthorized settings changes and review modification due to missing capability checks and improper nonce checks in several functions related to said actions in versions up to, and including, 2.8.3. This makes it possible for unauthenticated attackers to modify reviews and plugin settings on the affected site.
Mögliche Gegenmaßnahme
Wbcom Designs – BuddyPress Group Reviews: Update to version 2.8.4, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Wbcom Designs – BuddyPress Group Reviews
Version
* - 2.8.3
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wbcomdesigns ≫ Buddypress Group Reviews SwPlatformwordpress Version < 2.8.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.69% | 0.711 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
| security@wordfence.com | 6.5 | 3.9 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.