Lucene search

K
nvd[email protected]NVD:CVE-2022-3244
HistoryOct 17, 2022 - 12:15 p.m.

CVE-2022-3244

2022-10-1712:15:10
CWE-862
web.nvd.nist.gov
4
wordpress plugin
authorization issue
cve-2022-3244

CVSS3

4.2

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

23.0%

The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not have authorisation in some places, which could allow any authenticated users to access some of the plugin features if they manage to get the related nonce

Affected configurations

Nvd
Node
smackcodersimport_all_pages\,_post_types\,_products\,_orders\,_and_users_as_xml_\&_csvRange<6.5.8wordpress
VendorProductVersionCPE
smackcodersimport_all_pages\,_post_types\,_products\,_orders\,_and_users_as_xml_\&_csv*cpe:2.3:a:smackcoders:import_all_pages\,_post_types\,_products\,_orders\,_and_users_as_xml_\&_csv:*:*:*:*:wordpress:*:*:*

CVSS3

4.2

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

23.0%

Related for NVD:CVE-2022-3244