CVE-2022-4872 - The Chained Products WordPress plugin before 2.12.0 does not have authorisation and CSRF checks, as

CVE-2022-4872

Summary

The Chained Products WordPress plugin before 2.12.0 does not have authorisation and CSRF checks, as well as does not ensure that the option to be updated belong to the plugin, allowing unauthenticated attackers to set arbitrary options to 'no'

References

https://wpscan.com/vulnerability/c76a1c0b-8a5b-4639-85b6-9eebc63c3aa6

Vulnerable Configurations

cpe:2.3:a:chained_products_project:chained_products:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:chained_products_project:chained_products:*:*:*:*:*:wordpress:*:*

CVSS

Base:	None
Impact:
Exploitability:

CWE

CWE-862

CAPEC

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

17-07-2023 - 15:12

Published

30-01-2023 - 21:15

Last modified

17-07-2023 - 15:12