Lucene search

[email protected]NVD:CVE-2022-3247

HistoryOct 25, 2022 - 5:15 p.m.

CVE-2022-3247

2022-10-2517:15:56

CWE-918

[email protected]

web.nvd.nist.gov

blog2social

wordpress

ssrf

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

24.8%

JSON

The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not have authorisation in an AJAX action, and does not ensure that the URL to make a request to is an external one. As a result, any authenticated users, such as subscriber could perform SSRF attacks

Affected configurations

Nvd

Node

adenionblog2socialRange<6.9.10wordpress

VendorProductVersionCPE
adenionblog2social*cpe:2.3:a:adenion:blog2social:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
adenion	blog2social	*	cpe:2.3:a:adenion:blog2social::::::wordpress::*

References

wpscan.com/vulnerability/ee312f22-ca58-451d-a1cb-3f78a6e5ecaf

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

24.8%

JSON

Related for NVD:CVE-2022-3247

patchstack1 wpexploit1 prion1 wpvulndb1 cve1 cvelist1 openvas1