Lucene search

[email protected]NVD:CVE-2022-3880

HistoryDec 12, 2022 - 6:15 p.m.

CVE-2022-3880

2022-12-1218:15:11

CWE-863

CWE-352

[email protected]

web.nvd.nist.gov

wordpress

plugin

unauthorized

access

installation

security

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

37.7%

JSON

The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan WordPress plugin before 4.20 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org

Affected configurations

Nvd

Node

antihacker_projectantihackerRange<4.20wordpress

VendorProductVersionCPE
antihacker_projectantihacker*cpe:2.3:a:antihacker_project:antihacker:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
antihacker_project	antihacker	*	cpe:2.3:a:antihacker_project:antihacker::::::wordpress::*

References

wpscan.com/vulnerability/24743c72-310f-41e9-aac9-e05b2bb1a14e

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

37.7%

JSON

Related for NVD:CVE-2022-3880

cvelist1 prion1 wpexploit1 cve1 wpvulndb1 patchstack1