Oct 31, 2022 - 4:15 p.m.

CVE-2022-3419

2022-10-31 16:15:11
CWE-352
CWE-269
web.nvd.nist.gov
cve-2022-3419
wordpress plugin
user roles
authorization
csrf
security vulnerability

CVSS3: 6.5 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS: 0.001 Low
Percentile: 21.2%

The Automatic User Roles Switcher WordPress plugin before 1.1.2 lacks authorisation and proper CSRF checks, allowing any authenticated user, such as a subscriber, to add any role to themselves, including administrator.

Affected configurations

Node: addify automatic_user_roles_switcher, Range <1.1.2

Vendor: addify
Product: automatic_user_roles_switcher
Version: *
CPE: cpe:2.3:a:addify:automatic_user_roles_switcher:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Automatic User Roles Switcher",
    "versions": [
      {
        "version": "1.1.2",
        "status": "affected",
        "lessThan": "1.1.2",
        "versionType": "custom"
      }
    ]
  }
]
