Lucene search

[email protected]NVD:CVE-2022-2367

HistoryAug 08, 2022 - 2:15 p.m.

CVE-2022-2367

2022-08-0814:15:08

CWE-639

[email protected]

web.nvd.nist.gov

wsm downloader

wordpress plugin

website restriction

link parameter validation

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

57.8%

JSON

The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good “link” parameter validation

Affected configurations

Nvd

Node

wsm_downloader_projectwsm_downloaderRange≤1.4.0wordpress

VendorProductVersionCPE
wsm_downloader_projectwsm_downloader*cpe:2.3:a:wsm_downloader_project:wsm_downloader:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
wsm_downloader_project	wsm_downloader	*	cpe:2.3:a:wsm_downloader_project:wsm_downloader::::::wordpress::*

References

wpscan.com/vulnerability/46afb0c6-2d0c-4a20-a9de-48f35ca93f0f

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

57.8%

JSON

Related for NVD:CVE-2022-2367

cvelist1 cve1 prion1 patchstack1