Lucene search

WordfenceCVELIST:CVE-2022-1186

HistoryApr 19, 2022 - 8:26 p.m.

CVE-2022-1186

2022-04-1920:26:38

Wordfence

www.cve.org

wordpress

popia

api

vulnerability

sensitive information

unauthenticated users

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

35.5%

JSON

The WordPress plugin Be POPIA Compliant exposed sensitive information to unauthenticated users consisting of site visitors emails and usernames via an API route, in versions up to an including 1.1.5.

CNA Affected

[
  {
    "vendor": "bepopiacompliant",
    "product": "Be POPIA Compliant",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "1.1.5",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2701343%40be-popia-compliant&new=2701343%40be-popia-compliant&sfp_email=&sfph_mail=

www.wordfence.com/threat-intel/vulnerabilities/id/0fcdd6b5-a273-4916-a894-a753be0a7921?source=cve

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

35.5%

JSON

Related for CVELIST:CVE-2022-1186