7.5
CVE-2022-4972
- EPSS 1.31%
- Veröffentlicht 16.10.2024 07:15:12
- Zuletzt bearbeitet 30.10.2024 16:34:55
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginDownload Monitor <= 4.7.51 - Missing Authorization to Unauthenticated Data Export
The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-API routes related to reporting in versions up to, and including, 4.7.51. This makes it possible for unauthenticated attackers to view user data and other sensitive information intended for administrators.
Mögliche Gegenmaßnahme
Download Monitor: Update to version 4.7.52, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Download Monitor
Version
* - 4.7.51
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wpchill ≫ Download Monitor SwPlatformwordpress Version <= 4.7.51
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.31% | 0.792 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.