Lucene search

PatchstackCVE-2022-40223

HistoryNov 08, 2022 - 7:15 p.m.

CVE-2022-40223

2022-11-0819:15:14

CWE-862

Patchstack

web.nvd.nist.gov

cve-2022-40223

searchwp

premium plugin

wordpress

security

authorization

nvd

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

AI Score

4.6

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

Nonce token leakage and missing authorization in SearchWP premium plugin <= 4.2.5 on WordPress leading to plugin settings change.

Affected configurations

Nvd

Vulners

Node

searchwpsearchwpRange≤4.2.5wordpress

VendorProductVersionCPE
searchwpsearchwp*cpe:2.3:a:searchwp:searchwp:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
searchwp	searchwp	*	cpe:2.3:a:searchwp:searchwp::::::wordpress::*

CNA Affected

[
  {
    "vendor": "SearchWP, LLC",
    "product": "SearchWP",
    "versions": [
      {
        "version": "<= 4.2.5",
        "status": "affected",
        "lessThanOrEqual": "4.2.5",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/searchwp/wordpress-searchwp-premium-plugin-4-2-5-broken-authentication-vulnerability?_s_id=cve

searchwp.com/documentation/changelog/

Social References

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

AI Score

4.6

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

Related for CVE-2022-40223