4.3
CVE-2022-3923
- EPSS 0.1%
- Veröffentlicht 09.01.2023 23:15:26
- Zuletzt bearbeitet 09.04.2025 19:15:44
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginActiveCampaign for WooCommerce <= 1.9.6 - Missing Authorization to Error Log Deletion
ActiveCampaign for WooCommerce <= 1.9.7 - Cross-Site Request Forgery
The ActiveCampaign for WooCommerce WordPress plugin before 1.9.8 does not have authorisation check when cleaning up its error logs via an AJAX action, which could allow any authenticated users, such as subscriber to call it and remove error logs.
Mögliche Gegenmaßnahme
ActiveCampaign for WooCommerce: Update to version 1.9.7, or a newer patched version
ActiveCampaign for WooCommerce: Update to version 1.9.8, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
ActiveCampaign for WooCommerce
Version
* - 1.9.6
SystemWordPress Plugin
≫
Produkt
ActiveCampaign for WooCommerce
Version
* - 1.9.7
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Activecampaign ≫ Activecampaign For Woocommerce SwPlatformwordpress Version < 1.9.8
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.1% | 0.289 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.