Lucene search

[email protected]NVD:CVE-2022-41978

HistoryNov 09, 2022 - 4:15 p.m.

CVE-2022-41978

2022-11-0916:15:18

CWE-264

[email protected]

web.nvd.nist.gov

cve-2022-41978

zoho crm

lead magnet

wordpress

vulnerability

arbitrary

options update

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

31.7%

JSON

Auth. (subscriber+) Arbitrary Options Update vulnerability in Zoho CRM Lead Magnet plugin <= 1.7.5.8 on WordPress.

Affected configurations

Nvd

Node

zohocorpzoho_crm_lead_magnetRange≤1.7.5.8wordpress

VendorProductVersionCPE
zohocorpzoho_crm_lead_magnet*cpe:2.3:a:zohocorp:zoho_crm_lead_magnet:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
zohocorp	zoho_crm_lead_magnet	*	cpe:2.3:a:zohocorp:zoho_crm_lead_magnet::::::wordpress::*

References

patchstack.com/database/vulnerability/zoho-crm-forms/wordpress-zoho-crm-lead-magnet-plugin-1-7-5-6-auth-arbitrary-options-update-vulnerability?_s_id=cve

wordpress.org/plugins/zoho-crm-forms/#developers

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

31.7%

JSON

Related for NVD:CVE-2022-41978

patchstack1 prion1 cvelist1 wpexploit1 cve1 wpvulndb1