CVE-2022-3999

Published at:
2022-12-12T18:15:12.620
Source: [email protected]

Global infos:

The DPD Baltic Shipping WordPress plugin before 1.2.57 does not have authorisation and CSRF in an AJAX action, which could allow any authenticated users, such as subscriber to delete arbitrary options from the blog, which could make the blog unavailable.

CVE Status: Modified

References:

  • [email protected]
  • af854a3a-2127-422b-91ae-364da2661108
    •

    Metrics:

    AttributeValue
    Attack ComplexityLOW
    Attack VectorNETWORK
    Availability ImpactHIGH
    Base Score8.1
    Base SeverityHIGH
    Confidentiality ImpactNONE
    Integrity ImpactHIGH
    Privileges RequiredLOW
    ScopeUNCHANGED
    User InteractionNONE
    Vector StringCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
    Exploitability Score2.8
    Impact Score5.2
    Source[email protected]
    TypePrimary

    Links:

    Exploit-db
    Github

    Most recherched CVEs
    Popular Keywords