Lucene search
WPScanCVE-2022-23180HistoryJan 16, 2024 - 4:15 p.m.
CVE-2022-23180
2024-01-1616:15:09
CWE-862
WPScan
web.nvd.nist.gov
19
cve-2022-23180
wordpress
plugin
authorization
nonce
security vulnerability
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
4.6
Confidence
High
EPSS
0
Percentile
14.0%
The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.4 doesn’t have authorisation and nonce checks, which could allow any authenticated users, such as subscriber to update and change various settings
Affected configurations
Node
themehunkcontact_form_\&_lead_form_elementor_builderRange<1.7.4wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| themehunk | contact_form_\&_lead_form_elementor_builder | * | cpe:2.3:a:themehunk:contact_form_\&_lead_form_elementor_builder:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "Contact Form & Lead Form Elementor Builder",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThan": "1.7.4"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
nvd
nvd
CVE-2022-23180
2024-01-16 16:15:09
patchstack
patchstack
cvelist
cvelist
wpexploit
wpexploit
prion
prion
Command injection
2024-01-16 16:15:00
wpvulndb
wpvulndb
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
4.6
Confidence
High
EPSS
0
Percentile
14.0%
Related for CVE-2022-23180