CVE-2022-3419

2022-10-3116:15:11

CWE-352

CWE-269

[email protected]

web.nvd.nist.gov

cve-2022-3419

wordpress plugin

user roles

authorization

csrf

security vulnerability

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

21.3%

JSON

The Automatic User Roles Switcher WordPress plugin before 1.1.2 does not have authorisation and proper CSRF checks, allowing any authenticated users like subscriber to add any role to themselves, such as administrator

Affected configurations

Vulners

NVD

Node

addifyautomatic_user_roles_switcherRange<1.1.2

VendorProductVersionCPE
addifyautomatic_user_roles_switcher*cpe:2.3:a:addify:automatic_user_roles_switcher:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
addify	automatic_user_roles_switcher	*	cpe:2.3:a:addify:automatic_user_roles_switcher::::::::

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Automatic User Roles Switcher",
    "versions": [
      {
        "version": "1.1.2",
        "status": "affected",
        "lessThan": "1.1.2",
        "versionType": "custom"
      }
    ]
  }
]