History: Nov 08, 2022 - 6:20 p.m.

CVE-2022-40223 WordPress SearchWP premium plugin <= 4.2.5 - Broken Authentication vulnerability

2022-11-08 18:20:24
CWE-862
Patchstack
www.cve.org
cve-2022-40223
broken authentication
nonce token leakage
missing authorization
plugin settings change
wordpress

CVSS3: 5.4

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

EPSS: 0.001
Percentile: 22.7%

Nonce token leakage and missing authorization in SearchWP premium plugin <= 4.2.5 on WordPress leading to plugin settings change.

CNA Affected

[
  {
    "vendor": "SearchWP, LLC",
    "product": "SearchWP",
    "versions": [
      {
        "version": "<= 4.2.5",
        "status": "affected",
        "lessThanOrEqual": "4.2.5",
        "versionType": "custom"
      }
    ]
  }
]
