5.7

CVE-2022-3881

Exploit

WPTools < 3.43 - Subscriber+ Arbitrary Plugin Installation

WP Tools <= 3.42 - Missing Authorization to Select Plugin Installation

The WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascript errors, File Permissions, Transients, Error Log WordPress plugin before 3.43 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org
Mögliche Gegenmaßnahme
WP Tools Debug Log, Repair, Javascript errors, Jquery errors, Increase Maximum Limits, File Permissions, Transients, Error Log: Update to version 3.43, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wptools ProjectWptools SwPlatformwordpress Version < 3.43
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt WP Tools Debug Log, Repair, Javascript errors, Jquery errors, Increase Maximum Limits, File Permissions, Transients, Error Log
Version *-3.42
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.44% 0.348
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.7 2.1 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.7 2.1 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://wpscan.com/vulnerability/c2a9cf01-051a-429a-82ca-280885114b5a
Third Party Advisory
Exploit
https://www.wordfence.com/threat-intel/vulnerabilities/id/668a77e4-9d0a-4835-be5c-4c1acfe7ba43
Third Party Advisory