9.1

CVE-2022-36793

WordPress WP Shop plugin <= 3.9.6 - Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities

WP Shop <= 3.9.6 - Missing Authentication to Settings Change and Order Deletion

Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities in WP Shop plugin <= 3.9.6 at WordPress.
Mögliche Gegenmaßnahme
WP Shop: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wp-shopWp Shop SwPlatformwordpress Version <= 3.9.6
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt WP Shop
Version *-3.9.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.72% 0.49
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.1 3.9 5.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
audit@patchstack.com 6.5 3.9 2.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://patchstack.com/database/vulnerability/wp-shop-original/wordpress-wp-shop-plugin-3-9-6-unauthenticated-plugin-settings-change-data-deletion-vulnerabilities/_s_id=cve
Third Party Advisory
https://wordpress.org/plugins/wp-shop-original/
Product
Release Notes
https://www.wordfence.com/threat-intel/vulnerabilities/id/5f1700c2-9c1f-4882-9f11-13b4ee8477a9
Third Party Advisory