Lucene search

PatchstackCVE-2022-44626

HistoryMar 25, 2024 - 12:15 p.m.

CVE-2022-44626

2024-03-2512:15:08

CWE-862

Patchstack

web.nvd.nist.gov

missing authorization

squirrly seo

vulnerability

nvd

CVSS3

6.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

AI Score

6.8

Confidence

High

EPSS

Percentile

9.0%

JSON

Missing Authorization vulnerability in Squirrly SEO Plugin by Squirrly SEO.This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.1.20.

Affected configurations

Vulners

Node

squirrlyseo_plugin_by_squirrly_seoRange≤12.1.20wordpress

VendorProductVersionCPE
squirrlyseo_plugin_by_squirrly_seo*cpe:2.3:a:squirrly:seo_plugin_by_squirrly_seo:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
squirrly	seo_plugin_by_squirrly_seo	*	cpe:2.3:a:squirrly:seo_plugin_by_squirrly_seo::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "squirrly-seo",
    "product": "SEO Plugin by Squirrly SEO",
    "vendor": "Squirrly",
    "versions": [
      {
        "changes": [
          {
            "at": "12.1.21",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "12.1.20",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/squirrly-seo/wordpress-squirrly-seo-peaks-plugin-12-1-20-broken-access-control-vulnerability?_s_id=cve