CVE-2022-4888

Exploit

EPSS 0.32%
Veröffentlicht 31.07.2023 10:15:09
Zuletzt bearbeitet 21.11.2024 07:36:08
Quelle contact@wpscan.com
Teams Watchlist Login
Unerledigt Login

The Checkout Fields Manager WordPress plugin before 1.0.2, Abandoned Cart Recovery WordPress plugin before 1.2.5, Custom Fields for WooCommerce WordPress plugin before 1.0.4, Custom Order Number WordPress plugin through 1.0.1, Custom Registration Forms Builder WordPress plugin before 1.0.2, Advanced Free Gifts WordPress plugin before 1.0.2, Gift Registry for WooCommerce WordPress plugin through 1.0.1, Image Watermark for WooCommerce WordPress plugin before 1.0.1, Order Approval for WooCommerce WordPress plugin before 1.1.0, Order Tracking for WooCommerce WordPress plugin before 1.0.2, Price Calculator for WooCommerce WordPress plugin through 1.0.3, Product Dynamic Pricing and Discounts WordPress plugin through 1.0.6, Product Labels and Stickers WordPress plugin through 1.0.1 have flawed CSRF checks in various places, which could allow attackers to make logged in users perform unwanted actions

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Addify ≫ Abandoned Cart Recovery SwPlatformwordpress Version < 1.2.5

Addify ≫ Advanced Free Gifts SwPlatformwordpress Version < 1.0.2

Addify ≫ Checkout Fields Manager SwPlatformwordpress Version < 1.0.2

Addify ≫ Custom Fields For Woocommerce SwPlatformwordpress Version < 1.0.4

Addify ≫ Custom Order Number SwPlatformwordpress Version <= 1.0.1

Addify ≫ Custom Registration Forms Builder SwPlatformwordpress Version < 1.0.2

Addify ≫ Gift Registry For Woocommerce SwPlatformwordpress Version <= 1.0.1

Addify ≫ Image Watermark For Woocommerce SwPlatformwordpress Version <= 1.0.1

Addify ≫ Order Approval For Woocommerce SwPlatformwordpress Version < 1.1.0

Addify ≫ Order Tracking For Woocommerce SwPlatformwordpress Version < 1.0.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.32%	0.542

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

https://wpscan.com/vulnerability/2c2379d0-e373-4587-a747-429d7ee8f6cc

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2022-4888

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-4888

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-4888

EUVD