Lucene search

[email protected]NVD:CVE-2022-38135

HistorySep 12, 2022 - 9:15 p.m.

CVE-2022-38135

2022-09-1221:15:11

CWE-264

[email protected]

web.nvd.nist.gov

access control

wordpress

vulnerability

photospace gallery

dean oakley

cve-2022-38135

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

19.4%

JSON

Broken Access Control vulnerability in Dean Oakley’s Photospace Gallery plugin <= 2.3.5 at WordPress allows users with subscriber or higher role to change plugin settings.

Affected configurations

Nvd

Node

photospace_gallery_projectphotospace_galleryRange≤2.3.5wordpress

VendorProductVersionCPE
photospace_gallery_projectphotospace_gallery*cpe:2.3:a:photospace_gallery_project:photospace_gallery:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
photospace_gallery_project	photospace_gallery	*	cpe:2.3:a:photospace_gallery_project:photospace_gallery::::::wordpress::*

References

patchstack.com/database/vulnerability/photospace/wordpress-photospace-gallery-plugin-2-3-5-broken-access-control-vulnerability

wordpress.org/plugins/photospace/

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

19.4%

JSON

Related for NVD:CVE-2022-38135

patchstack1 prion1 wpvulndb1 cvelist1 cve1