4.3
CVE-2022-2389
- EPSS 0.15%
- Veröffentlicht 22.08.2022 15:15:14
- Zuletzt bearbeitet 21.11.2024 07:00:53
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginAbandoned Cart Recovery for WooCommerce by Autonami <= 2.1.1 - Missing Authorization
The Abandoned Cart Recovery for WooCommerce, Follow Up Emails, Newsletter Builder & Marketing Automation By Autonami WordPress plugin before 2.1.2 does not have authorisation and CSRF checks in one of its AJAX action, allowing any authenticated users, such as subscriber to create automations
Mögliche Gegenmaßnahme
FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce: Update to version 2.1.2, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce
Version
*-2.1.1
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Funnelkit ≫ Funnelkit Automations SwPlatformwordpress Version < 2.1.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.15% | 0.354 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.