CVE-2022-36340

2022-09-2319:15:14

CWE-862

[email protected]

web.nvd.nist.gov

cve-2022-36340

unauthenticated

optin

campaign

cache deletion

mailoptin

wordpress

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

0.001 Low

EPSS

Percentile

28.9%

JSON

Unauthenticated Optin Campaign Cache Deletion vulnerability in MailOptin plugin <= 1.2.49.0 at WordPress.

Affected configurations

Vulners

NVD

Node

mailoptin_popup_builder_teammailoptin_\(wordpress_plugin\)Range≤1.2.49.0

CPENameOperatorVersion
mailoptin:mailoptinmailoptinle1.2.49.0

CPE	Name	Operator	Version
mailoptin:mailoptin	mailoptin	le	1.2.49.0

CNA Affected

[
  {
    "product": "MailOptin (WordPress plugin)",
    "vendor": "MailOptin Popup Builder Team",
    "versions": [
      {
        "lessThanOrEqual": "1.2.49.0",
        "status": "affected",
        "version": "<= 1.2.49.0",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/mailoptin/wordpress-mailoptin-plugin-1-2-49-0-unauthenticated-optin-campaign-cache-deletion-vulnerability/_s_id=cve

plugins.svn.wordpress.org/mailoptin/trunk/changelog.txt