PT-2023-15888 · WordPress · Chained Products
Publicado
2023-01-30
·
Atualizado
2025-03-27
·
CVE-2022-4872
CVSS v3.1
4.3
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Chained Products WordPress plugin versions prior to 2.12.0
Description
The issue concerns a lack of authorization and CSRF checks in the plugin, as well as insufficient validation of options to be updated. This allows unauthenticated attackers to set arbitrary options to 'no'.
Recommendations
For versions prior to 2.12.0, update to version 2.12.0 or later to resolve the issue.
Exploit
Correção
CSRF
Missing Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Chained Products