Lucene search

[email protected]NVD:CVE-2022-4384

HistoryFeb 06, 2023 - 8:15 p.m.

CVE-2022-4384

2023-02-0620:15:11

[email protected]

web.nvd.nist.gov

stream plugin

unauthorized users

info leaks

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

33.5%

JSON

The Stream WordPress plugin before 3.9.2 does not prevent users with little privileges on the site (like subscribers) from using its alert creation functionality, which may enable them to leak sensitive information.

Affected configurations

Nvd

Node

xwpstreamRange<3.9.2wordpress

VendorProductVersionCPE
xwpstream*cpe:2.3:a:xwp:stream:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
xwp	stream	*	cpe:2.3:a:xwp:stream::::::wordpress::*

References

wpscan.com/vulnerability/2b506252-6f37-439e-8984-7316d5cca2e5

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

33.5%

JSON

Related for NVD:CVE-2022-4384

prion1 cve1 wpvulndb1 cvelist1 wpexploit1