Lucene search

PatchstackCVE-2022-38135

HistorySep 12, 2022 - 9:15 p.m.

CVE-2022-38135

2022-09-1221:15:11

CWE-264

Patchstack

web.nvd.nist.gov

dean oakley

photospace gallery

wordpress

cve-2022-38135

broken access control

vulnerability

nvd

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

AI Score

4.5

Confidence

High

EPSS

0.001

Percentile

19.4%

JSON

Broken Access Control vulnerability in Dean Oakley’s Photospace Gallery plugin <= 2.3.5 at WordPress allows users with subscriber or higher role to change plugin settings.

Affected configurations

Nvd

Vulners

Node

photospace_gallery_projectphotospace_galleryRange≤2.3.5wordpress

VendorProductVersionCPE
photospace_gallery_projectphotospace_gallery*cpe:2.3:a:photospace_gallery_project:photospace_gallery:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
photospace_gallery_project	photospace_gallery	*	cpe:2.3:a:photospace_gallery_project:photospace_gallery::::::wordpress::*

CNA Affected

[
  {
    "product": "Photospace Gallery (WordPress plugin)",
    "vendor": "Dean Oakley",
    "versions": [
      {
        "lessThanOrEqual": "2.3.5",
        "status": "affected",
        "version": "<= 2.3.5",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/photospace/wordpress-photospace-gallery-plugin-2-3-5-broken-access-control-vulnerability

wordpress.org/plugins/photospace/

Social References

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

AI Score

4.5

Confidence

High

EPSS

0.001

Percentile

19.4%

JSON

Related for CVE-2022-38135