History: Oct 31, 2022 - 4:15 p.m.

CVE-2022-3419

2022-10-31 16:15:11
CWE-269
CWE-352
WPScan
web.nvd.nist.gov
cve-2022-3419
wordpress plugin
user roles
authorization
csrf
security vulnerability

CVSS3: 6.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS: 0.001
Percentile: 21.2%

The Automatic User Roles Switcher WordPress plugin before 1.1.2 lacks authorisation and proper CSRF checks, allowing any authenticated user, such as a subscriber, to add any role to themselves, including administrator.

Affected configurations

Node: addify automatic_user_roles_switcher, Range <1.1.2, wordpress

Vendor: addify
Product: automatic_user_roles_switcher
Version: *
CPE: cpe:2.3:a:addify:automatic_user_roles_switcher:*:*:*:*:*:wordpress:*:*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Automatic User Roles Switcher",
    "versions": [
      {
        "version": "1.1.2",
        "status": "affected",
        "lessThan": "1.1.2",
        "versionType": "custom"
      }
    ]
  }
]
