Lucene search
WPScanCVELIST:CVE-2022-3923HistoryJan 09, 2023 - 10:13 p.m.
CVE-2022-3923 ActiveCampaign for WooCommerce < 1.9.8 - Subscriber+ Error Log Cleanup
2023-01-0922:13:35
WPScan
www.cve.org
activecampaign
woocommerce
wordpress
authorization
error logs
The ActiveCampaign for WooCommerce WordPress plugin before 1.9.8 does not have authorisation check when cleaning up its error logs via an AJAX action, which could allow any authenticated users, such as subscriber to call it and remove error logs.
CNA Affected
[
{
"vendor": "Unknown",
"product": "ActiveCampaign for WooCommerce",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "1.9.8"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
wpexploit
wpexploit
ActiveCampaign for WooCommerce < 1.9.8 - Subscriber+ Error Log Cleanup
2022-12-16 00:00:00
prion
prion
Code injection
2023-01-09 23:15:00
cve
cve
CVE-2022-3923
2023-01-09 23:15:26
wpvulndb
wpvulndb
ActiveCampaign for WooCommerce < 1.9.8 - Subscriber+ Error Log Cleanup
2022-12-16 00:00:00
nvd
nvd
CVE-2022-3923
2023-01-09 23:15:26