6.5
CVE-2022-4555
- EPSS 0.09%
- Veröffentlicht 16.12.2022 14:15:09
- Zuletzt bearbeitet 21.11.2024 07:35:28
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginWP Shamsi <= 4.1.0 - Missing Authorization to Arbitrary Plugin Deactivation
The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deactivate() function hooked via init() in versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to deactivate arbitrary plugins on the site. This can be used to deactivate security plugins that aids in exploiting other vulnerabilities.
Mögliche Gegenmaßnahme
WP Shamsi – افزونه تاریخ شمسی و فارسی ساز وردپرس: Update to version 4.1.1, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
WP Shamsi – افزونه تاریخ شمسی و فارسی ساز وردپرس
Version
* - 4.1.0
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.254 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
| security@wordfence.com | 6.5 | 3.9 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
|