
CVE-2022-3881 WPTools < 3.43 - Subscriber+ Arbitrary Plugin Installation

2022-12-12 17:54:54
WPScan
www.cve.org

Tags: cve-2022-3881, wptools, subscriber, arbitrary, plugin, installation, authorisation, csrf, ajax, wordpress

AI Score: 5.9 (Confidence: High)

EPSS: 0.001 (Percentile: 21.4%)

The WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascript errors, File Permissions, Transients, Error Log WordPress plugin before 3.43 does not have proper authorisation and CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to call it and install and activate arbitrary plugins from wordpress.org.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascript errors, File Permissions, Transients, Error Log",
    "collectionURL": "https://wordpress.org/plugins",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "3.43"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
