7.5
CVE-2022-2367
- EPSS 0.95%
- Veröffentlicht 08.08.2022 14:15:08
- Zuletzt bearbeitet 21.11.2024 07:00:51
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginWSM Downloader <= 1.4.0 - Domain Name Restriction Bypass
WSM Downloader <- 1.4.0 - Domain Bypass
The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good "link" parameter validation
Mögliche Gegenmaßnahme
WSM Downloader: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wsm Downloader Project ≫ Wsm Downloader SwPlatformwordpress Version <= 1.4.0
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
WSM Downloader
Version
*-1.4.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.95% | 0.567 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-639 Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
https://wpscan.com/vulnerability/46afb0c6-2d0c-4a20-a9de-48f35ca93f0f
https://www.wordfence.com/threat-intel/vulnerabilities/id/f6374cda-5aa2-4a2c-8d20-5641cfc33529