Lucene search
HistoryDec 12, 2022 - 6:15 p.m.
CVE-2022-3879
car dealer
wordpress plugin
authorization
csrf
ajax
arbitrary plugins
security vulnerability
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
21.4%
The Car Dealer (Dealership) and Vehicle sales WordPress Plugin WordPress plugin before 3.05 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org
Affected configurations
Node
car_dealer_projectcar_dealerRange<3.05wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| car_dealer_project | car_dealer | * | cpe:2.3:a:car_dealer_project:car_dealer:*:*:*:*:*:wordpress:*:* |
Related
patchstack
patchstack
cve
cve
CVE-2022-3879
2022-12-12 18:15:11
prion
prion
Cross site request forgery (csrf)
2022-12-12 18:15:00
wpvulndb
wpvulndb
Car Dealer < 3.05 - Subscriber+ Arbitrary Plugin Installation
2022-11-21 00:00:00
wpexploit
wpexploit
Car Dealer < 3.05 - Subscriber+ Arbitrary Plugin Installation
2022-11-21 00:00:00
cvelist
cvelist
CVE-2022-3879 Car Dealer < 3.05 - Subscriber+ Arbitrary Plugin Installation
2022-12-12 17:54:52
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
21.4%
Related for NVD:CVE-2022-3879