CVE-2022-46850

2023-06-1913:15:09

CWE-862

[email protected]

web.nvd.nist.gov

cve-2022-46850

nabil lemsieh

easy media replace

access control

arbitrary file deletion

8.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H

7.9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.3%

JSON

Auth. (author+) Broken Access Control vulnerability leading to Arbitrary File Deletion in Nabil Lemsieh Easy Media Replace plugin <= 0.1.3 versions.

Affected configurations

Vulners

NVD

Node

nabil_lemsieheasy_media_replaceRange≤0.1.3

CPENameOperatorVersion
easy_media_replace_project:easy_media_replaceeasy media replace project easy media replacele0.1.3

CPE	Name	Operator	Version
easy_media_replace_project:easy_media_replace	easy media replace project easy media replace	le	0.1.3

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "easy-media-replace",
    "product": "Easy Media Replace",
    "vendor": "Nabil Lemsieh",
    "versions": [
      {
        "changes": [
          {
            "at": "0.2.0",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "0.1.3",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]