Lucene search

PatchstackCVELIST:CVE-2022-35726

HistoryAug 23, 2022 - 3:47 p.m.

CVE-2022-35726 WordPress Video Gallery plugin <= 1.3.4.5 - Broken Authentication vulnerability

2022-08-2315:47:56

Patchstack

www.cve.org

wordpress

video gallery

authentication

vulnerability

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

9.7

Confidence

High

EPSS

0.002

Percentile

60.5%

JSON

Broken Authentication vulnerability in yotuwp Video Gallery plugin <= 1.3.4.5 at WordPress.

CNA Affected

[
  {
    "product": "Video Gallery (WordPress plugin)",
    "vendor": "yotuwp",
    "versions": [
      {
        "lessThanOrEqual": "1.3.4.5",
        "status": "affected",
        "version": "<= 1.3.4.5",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/yotuwp-easy-youtube-embed/wordpress-video-gallery-plugin-1-3-4-5-broken-authentication

wordpress.org/plugins/yotuwp-easy-youtube-embed/#developers

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

9.7

Confidence

High

EPSS

0.002

Percentile

60.5%

JSON

Related for CVELIST:CVE-2022-35726