5.3
CVE-2022-41839
- EPSS 0.48%
- Veröffentlicht 18.11.2022 23:15:26
- Zuletzt bearbeitet 21.11.2024 07:23:54
- Quelle audit@patchstack.com
- CVE-Watchlists
- Unerledigt
LoginWordPress LoginPress plugin <= 1.6.2 - Broken Access Control vulnerability
LoginPress | Custom Login Page Customizer <= 1.6.2 - Missing Authorization to Settings Changes
Broken Access Control vulnerability in WordPress LoginPress plugin <= 1.6.2 on WordPress leading to unauth. changing of Opt-In or Opt-Out tracking settings.
Mögliche Gegenmaßnahme
LoginPress | wp-login Custom Login Page Customizer: Update to version 1.6.3, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wpbrigade ≫ Loginpress SwPlatformwordpress Version <= 1.6.2
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
LoginPress | wp-login Custom Login Page Customizer
Version
*-1.6.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.48% | 0.375 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
| audit@patchstack.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
https://patchstack.com/database/vulnerability/loginpress/wordpress-loginpress-plugin-1-6-2-broken-access-control-vulnerability?_s_id=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/d212c19d-fca9-4daf-95f4-5b3ac302e817