patchstack
Chloe Chamberland
PATCHSTACK:4FDADC4A91F4F3DE18738A0B47061876
Apr 06, 2023 - 12:00 a.m.

WordPress WCFM Membership Plugin <= 2.9.10 is vulnerable to Cross Site Request Forgery (CSRF)

2023-04-06 00:00:00
Chloe Chamberland
patchstack.com
wordpress wcfm membership
plugin
cross site request forgery (csrf)
cve-2022-4941
low severity

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.6

Confidence

High

Software

WCFM Membership

Type

Plugin

Vulnerable versions

<= 2.9.10

Fixed in

2.10.0

OWASP Top 10

A5: Broken Access Control

Classification

Cross Site Request Forgery (CSRF)

CVE

CVE-2022-4941

Patch priority

Low

CVSS severity

Low (5.4)

PSID

09fe2dd39646

Credits

Chloe Chamberland

Required privilege

Unauthenticated

Published

6 April, 2023

Vulnerability details

Remove and replace plugin

Solution

This security issue has a low severity impact and is unlikely to be exploited.

Affected configurations

Vulners

Node

wc_lovers wcfm_membership, Range 2.9.10

Vendor

wc_lovers

Product

wcfm_membership

Version

*

CPE

cpe:2.3:a:wc_lovers:wcfm_membership:*:*:*:*:*:*:*:*
