Lucene search

PatchstackCVELIST:CVE-2022-36296

HistoryAug 05, 2022 - 3:08 p.m.

CVE-2022-36296 WordPress ActiveDEMAND plugin <= 0.2.27 - Broken Authentication vulnerability

2022-08-0515:08:07

CWE-287

Patchstack

www.cve.org

wordpress

activedemand

authentication

vulnerability

unauthenticated

update

create

delete

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

EPSS

0.001

Percentile

31.3%

JSON

Broken Authentication vulnerability in JumpDEMAND Inc. ActiveDEMAND plugin <= 0.2.27 at WordPress allows unauthenticated post update/create/delete.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "activedemand",
    "product": "ActiveDEMAND",
    "vendor": "JumpDEMAND Inc.",
    "versions": [
      {
        "changes": [
          {
            "at": "0.2.28",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "0.2.27",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/activedemand/wordpress-activedemand-plugin-0-2-27-broken-authentication-vulnerability?_s_id=cve

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

EPSS

0.001

Percentile

31.3%

JSON

Related for CVELIST:CVE-2022-36296