Lucene search
HistoryDec 12, 2022 - 6:15 p.m.
CVE-2022-3930
cve-2022-3930
directorist
wordpress plugin
idor vulnerability
password change
nvd
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
23.5%
The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR vulnerability which an attacker can exploit to change the password of arbitrary users instead of his own.
Affected configurations
Node
wpwaxdirectoristRange<7.4.2.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wpwax | directorist | * | cpe:2.3:a:wpwax:directorist:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "Directorist",
"collectionURL": "https://wordpress.org/plugins",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "7.4.2.2"
}
],
"defaultStatus": "unaffected"
}
]Related
nvd
nvd
CVE-2022-3930
2022-12-12 18:15:12
cvelist
cvelist
wpvulndb
wpvulndb
Directorist < 7.4.2.2 - Subscriber+ Arbitrary User Password Update via IDOR
2022-11-16 00:00:00
prion
prion
Design/Logic Flaw
2022-12-12 18:15:00
wpexploit
wpexploit
Directorist < 7.4.2.2 - Subscriber+ Arbitrary User Password Update via IDOR
2022-11-16 00:00:00
patchstack
patchstack
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
23.5%
Related for CVE-2022-3930