4.3

CVE-2022-38058

WordPress WP Shamsi plugin <= 4.1.1 - Authenticated Plugin Setting change vulnerability

WP Shamsi <= 4.1.1 - Missing Authorization to Plugin Settings Update

Authenticated (subscriber+) Plugin Setting change vulnerability in WP Shamsi plugin <= 4.1.1 at WordPress.
Mögliche Gegenmaßnahme
WP Shamsi – افزونه تاریخ شمسی و فارسی ساز وردپرس: Update to version 4.2.0, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WpvarWp Shamsi SwPlatformwordpress Version <= 4.1.1
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt WP Shamsi – افزونه تاریخ شمسی و فارسی ساز وردپرس
Version *-4.1.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.52% 0.398
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
audit@patchstack.com 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://patchstack.com/database/vulnerability/wp-shamsi/wordpress-wp-shamsi-plugin-4-1-1-authenticated-plugin-setting-change-vulnerability/_s_id=cve
Third Party Advisory
https://wordpress.org/plugins/wp-shamsi/#developers
Product
Release Notes
https://www.wordfence.com/threat-intel/vulnerabilities/id/35a0a0b8-2d62-4675-9bec-d26164271a03
Third Party Advisory