The Chained Products WordPress plugin before 2.12.0 does not have authorisation and CSRF checks, as well as does not ensure that the option to be updated belong to the plugin, allowing unauthenticated attackers to set arbitrary options to 'no'
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/c76a1c0b-8a5b-4639-85b6-9eebc63c3aa6 | Exploit Third Party Advisory |
Configurations
History
07 Feb 2023, 01:40
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:chained_products_project:chained_products:*:*:*:*:*:wordpress:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
References | (MISC) https://wpscan.com/vulnerability/c76a1c0b-8a5b-4639-85b6-9eebc63c3aa6 - Exploit, Third Party Advisory | |
First Time |
Chained Products Project chained Products
Chained Products Project |
30 Jan 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-30 21:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-4872
Mitre link : CVE-2022-4872
CVE.ORG link : CVE-2022-4872
JSON object : View
Products Affected
chained_products_project
- chained_products