5.9
CVE-2022-3206
- EPSS 0.2%
- Published 17.10.2022 12:15:10
- Last modified 14.05.2025 21:15:53
- Source contact@wpscan.com
Passster <= 3.5.5.5.1 - Insecure Password Storage to Sensitive Data Exposure
The Passster WordPress plugin before 3.5.5.5.2 stores the password inside a cookie named "passster" using base64 encoding method which is easy to decode. This puts the password at risk in case the cookies get leaked.
Possible mitigation
Passster – Password Protect Pages and Content: Update to version 3.5.5.5.2, or a newer patched version
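The storage weakness described above, next to one way to keep the password out of the cookie entirely. This is an added example, not Passster's code or its actual fix; the function names, the `page-42` area id, the secret handling and the sample password are assumptions made for illustration.

```php
<?php
// Added illustration. All names and sample values below are constructed.

// Weak pattern from the advisory: the cookie value is the password, base64-encoded.
// Base64 is an encoding, not encryption, so no key is needed to reverse it.
function weak_cookie_value(string $password): string {
    return base64_encode($password);
}

// Hardened pattern (an assumption, not the plugin's fix): the cookie holds an expiry
// and an HMAC over (area id, expiry) keyed with a server-side secret.
// The password itself is never written to the client.
function signed_cookie_value(string $area_id, int $expires, string $secret): string {
    $mac = hash_hmac('sha256', $area_id . '|' . $expires, $secret);
    return $expires . '.' . $mac;
}

function verify_cookie_value(string $cookie, string $area_id, string $secret, int $now): bool {
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false;                       // malformed value
    }
    [$expires, $mac] = $parts;
    if ((int) $expires < $now) {
        return false;                       // token has expired
    }
    $expected = hash_hmac('sha256', $area_id . '|' . $expires, $secret);
    return hash_equals($expected, $mac);    // constant-time comparison
}

$password = 'correct horse battery';        // constructed sample password
$secret   = random_bytes(32);               // server-side only; persist it in real use
$now      = time();

// A leaked weak cookie yields the password directly.
$weak = weak_cookie_value($password);
var_dump(base64_decode($weak, true) === $password);

// The signed cookie contains no password material and is bound to one area and lifetime.
$cookie = signed_cookie_value('page-42', $now + 3600, $secret);
var_dump(strpos($cookie, $password) === false);
var_dump(verify_cookie_value($cookie, 'page-42', $secret, $now));         // valid use
var_dump(verify_cookie_value($cookie, 'page-43', $secret, $now));         // other area
var_dump(verify_cookie_value($cookie, 'page-42', $secret, $now + 7200));  // after expiry
```

A leaked signed cookie still grants access until it expires, so it should be sent with the `Secure` and `HttpOnly` attributes; what changes is that the leak no longer discloses the password itself.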
Further vulnerability information
System: WordPress Plugin
Product: Passster – Password Protect Pages and Content
Version: *-3.5.5.5.1
Data provided by the National Vulnerability Database (NVD)
Passster Project ≫ Passster, SwPlatform: wordpress, Version < 3.5.5.5.2
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.2% | 0.419 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.9 | 2.2 | 3.6 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.9 | 2.2 | 3.6 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
CWE-319 Cleartext Transmission of Sensitive Information
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
CWE-522 Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.