Lucene search

K

[email protected]NVD:CVE-2022-3622

HistoryOct 20, 2023 - 8:15 a.m.

CVE-2022-3622

2023-10-2008:15:11

CWE-862

[email protected]

web.nvd.nist.gov

cve-2022-3622

blog2social

wordpress

vulnerability

authorization bypass

capability checks

authenticated attackers

subscriber-level permissions

plugin settings

admins

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

4.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.5%

The Blog2Social plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in versions up to, and including, 6.9.11. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change some plugin settings intended to be modifiable by admins only.

Affected configurations

NVD

Node

adenionblog2socialRange≤6.9.11wordpress

References

plugins.trac.wordpress.org/browser/blog2social/tags/6.9.10/includes/B2S/Settings/Item.php#L116

plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2795052%40blog2social&new=2795052%40blog2social&sfp_email=&sfph_mail=

plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2796598%40blog2social&new=2796598%40blog2social&sfp_email=&sfph_mail=

www.wordfence.com/threat-intel/vulnerabilities/id/f5b8d39c-d307-42c9-a972-29b5521a82a4?source=cve

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

4.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.5%

Related for NVD:CVE-2022-3622

prion1 patchstack1 cvelist1 packetstorm1 wpvulndb1 wordfence1 cve1 zdt1 openvas1