CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
Software
WCFM Membership
Type
Plugin
Vulnerable versions
<= 2.9.10
Fixed in
2.10.0
OWASP Top 10
A5: Broken Access Control
Classification
Cross Site Request Forgery (CSRF)
CVE
CVE-2022-4941
Patch priority
Low
CVSS severity
Low (5.4)
Developer
Claim ownership
PSID
09fe2dd39646
Credits
Chloe Chamberland
Required privilege
Unauthenticated
Published
6 April, 2023
Vulnerability details
Expand full details Have additional information or questions about this entry? Let us know.
This security issue has a low severity impact and is unlikely to be exploited.
Vendor | Product | Version | CPE |
---|---|---|---|
wc_lovers | wcfm_membership | * | cpe:2.3:a:wc_lovers:wcfm_membership:*:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High