NVD:CVE-2022-3082
Oct 17, 2022 - 12:15 p.m.

CVE-2022-3082

2022-10-17 12:15:10
CWE-862
CWE-352
web.nvd.nist.gov
6
miniorange discord plugin
wordpress
authorization
csrf
ajax
unauthorized access

CVSS3: 6.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.001
Percentile: 23.8%

The miniOrange Discord Integration WordPress plugin before 2.1.6 does not have authorisation and CSRF checks in some of its AJAX actions, allowing any logged-in user, such as a subscriber, to call them and, for example, disable the app.

Affected configurations

Nvd

Node: miniorange discord_integration, Range <2.1.6, wordpress

Vendor | Product | Version | CPE
miniorange | discord_integration | * | cpe:2.3:a:miniorange:discord_integration:*:*:*:*:*:wordpress:*:*
