Lucene search

[email protected]CVE-2022-3882

HistoryDec 12, 2022 - 6:15 p.m.

CVE-2022-3882

2022-12-1218:15:00

CWE-863

CWE-352

[email protected]

web.nvd.nist.gov

cve-2022-3882

memory usage

memory limit

php

server memory

health check

fix plugin

wordpress

csrf

ajax

authorization

security

vulnerability

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

19.6%

JSON

The Memory Usage, Memory Limit, PHP and Server Memory Health Check and Fix Plugin WordPress plugin before 2.46 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org

VendorProductVersionCPE
oracletimesten_in\-memory_database*cpe:2.3:a:oracle:timesten_in\-memory_database:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	timesten_in\-memory_database	*	cpe:2.3:a:oracle:timesten_in\-memory_database::::::::

References

wpscan.com/vulnerability/a39c643f-eaa4-4c71-b75d-2c4fe34ac875

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

19.6%

JSON

Related for CVE-2022-3882

wpvulndb1 cvelist1 wpexploit1 patchstack1 prion1