Lucene search

[email protected]CVE-2022-4633

HistoryDec 21, 2022 - 7:15 p.m.

CVE-2022-4633

2022-12-2119:15:15

CWE-352

[email protected]

web.nvd.nist.gov

cve-2022-4633

auto upload images

vulnerability

cross-site request forgery

upgrade

895770ee93887ec78429c78ffdfb865bee6f9436

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.3%

JSON

A vulnerability was found in Auto Upload Images up to 3.3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file src/setting-page.php of the component Settings Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 3.3.1 is able to address this issue. The name of the patch is 895770ee93887ec78429c78ffdfb865bee6f9436. It is recommended to upgrade the affected component. VDB-216482 is the identifier assigned to this vulnerability.

Affected configurations

Vulners

NVD

Node

auto_upload_images_projectauto_upload_imagesMatch3.0

auto_upload_images_projectauto_upload_imagesMatch3.1

auto_upload_images_projectauto_upload_imagesMatch3.2

auto_upload_images_projectauto_upload_imagesMatch3.3

VendorProductVersionCPE
auto_upload_images_projectauto_upload_images3.0cpe:2.3:a:auto_upload_images_project:auto_upload_images:3.0:*:*:*:*:*:*:*
auto_upload_images_projectauto_upload_images3.1cpe:2.3:a:auto_upload_images_project:auto_upload_images:3.1:*:*:*:*:*:*:*
auto_upload_images_projectauto_upload_images3.2cpe:2.3:a:auto_upload_images_project:auto_upload_images:3.2:*:*:*:*:*:*:*
auto_upload_images_projectauto_upload_images3.3cpe:2.3:a:auto_upload_images_project:auto_upload_images:3.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
auto_upload_images_project	auto_upload_images	3.0	cpe:2.3:a:auto_upload_images_project:auto_upload_images:3.0:::::::*
auto_upload_images_project	auto_upload_images	3.1	cpe:2.3:a:auto_upload_images_project:auto_upload_images:3.1:::::::*
auto_upload_images_project	auto_upload_images	3.2	cpe:2.3:a:auto_upload_images_project:auto_upload_images:3.2:::::::*
auto_upload_images_project	auto_upload_images	3.3	cpe:2.3:a:auto_upload_images_project:auto_upload_images:3.3:::::::*

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Auto Upload Images",
    "versions": [
      {
        "version": "3.0",
        "status": "affected"
      },
      {
        "version": "3.1",
        "status": "affected"
      },
      {
        "version": "3.2",
        "status": "affected"
      },
      {
        "version": "3.3",
        "status": "affected"
      }
    ],
    "modules": [
      "Settings Handler"
    ]
  }
]

References

github.com/airani/wp-auto-upload/commit/895770ee93887ec78429c78ffdfb865bee6f9436

github.com/airani/wp-auto-upload/releases/tag/v3.3.1

vuldb.com/?id.216482

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.3%

JSON

Related for CVE-2022-4633

prion1 osv1 cvelist1 nvd1