CVE-2022-4426

Exploit

EPSS 0.28%
Published 09.01.2023 23:15:28
Last modified 09.04.2025 19:15:45
Source contact@wpscan.com
Teams watchlist Login
Open Login

The Mautic Integration for WooCommerce WordPress plugin before 1.0.3 does not have proper CSRF check when updating settings, and does not ensure that the options to be updated belong to the plugin, allowing attackers to make a logged in admin change arbitrary blog options via a CSRF attack.

Affected products Warnungen 0 Metrics 3 CWE 0 References 4

Data is provided by the National Vulnerability Database (NVD)

Wpswings ≫ Mautic Integration For Woocommerce SwPlatformwordpress Version < 1.0.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.28%	0.515

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

https://wpscan.com/vulnerability/7d3d6b9c-d1c1-4e23-b891-7c72e4e89c38

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2022-4426

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-4426

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-4426

EUVD