Lucene search

[email protected]CVE-2022-36418

HistoryJan 17, 2024 - 4:15 p.m.

CVE-2022-36418

2024-01-1716:15:45

CWE-862

[email protected]

web.nvd.nist.gov

cve-2022-36418

missing authorization

vagary digital

hreflang tags lite

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.3%

JSON

Missing Authorization vulnerability in Vagary Digital HREFLANG Tags Lite.This issue affects HREFLANG Tags Lite: from n/a through 2.0.0.

Affected configurations

Vulners

NVD

Node

vagary_digitalhreflang_tags_liteRange≤2.0.0

CPENameOperatorVersion
dcgws:hreflang_tags_litedcgws hreflang tags litele2.0.0

CPE	Name	Operator	Version
dcgws:hreflang_tags_lite	dcgws hreflang tags lite	le	2.0.0

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "hreflang-tags-by-dcgws",
    "product": "HREFLANG Tags Lite",
    "vendor": "Vagary Digital",
    "versions": [
      {
        "lessThanOrEqual": "2.0.0",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/hreflang-tags-by-dcgws/wordpress-hreflang-tags-lite-plugin-2-0-0-unauthenticated-plugin-data-reset-vulnerability?_s_id=cve

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.3%

JSON

Related for CVE-2022-36418

prion1 nvd1 patchstack1 cvelist1