4.3
CVE-2022-3923
- EPSS 0.48%
- Veröffentlicht 09.01.2023 23:15:26
- Zuletzt bearbeitet 09.04.2025 19:15:44
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginActiveCampaign for WooCommerce < 1.9.8 - Subscriber+ Error Log Cleanup
ActiveCampaign for WooCommerce <= 1.9.6 - Missing Authorization to Error Log Deletion
ActiveCampaign for WooCommerce <= 1.9.7 - Cross-Site Request Forgery
The ActiveCampaign for WooCommerce WordPress plugin before 1.9.8 does not have authorisation check when cleaning up its error logs via an AJAX action, which could allow any authenticated users, such as subscriber to call it and remove error logs.
Mögliche Gegenmaßnahme
ActiveCampaign for WooCommerce: Update to version 1.9.7, or a newer patched version
ActiveCampaign for WooCommerce: Update to version 1.9.8, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Activecampaign ≫ Activecampaign For Woocommerce SwPlatformwordpress Version < 1.9.8
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
ActiveCampaign for WooCommerce
Version
*-1.9.6
SystemWordPress Plugin
≫
Produkt
ActiveCampaign for WooCommerce
Version
*-1.9.7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.48% | 0.378 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
https://wpscan.com/vulnerability/6536946a-7ebf-4f8f-9446-36ec2a2a3ad2
https://www.wordfence.com/threat-intel/vulnerabilities/id/09aa2a44-8665-4f70-97a5-2e869c4610a4
https://www.wordfence.com/threat-intel/vulnerabilities/id/a0299b95-abbf-43c4-81d0-7c383d92cffe