PT-2022-25292 · Searchwp · Searchwp
Dave Jong · Published 2022-11-08 · Updated 2022-11-09 · CVE-2022-40223
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Name of the Vulnerable Software and Affected Versions
SearchWP premium plugin versions <= 4.2.5
Description
The issue concerns nonce token leakage and missing authorization in the SearchWP premium plugin, allowing unauthorized changes to plugin settings.
Recommendations
For SearchWP premium plugin versions <= 4.2.5, update to a version greater than 4.2.5 to resolve the issue. As a temporary workaround, consider restricting access to the plugin settings to minimize the risk of exploitation.
Fix
Missing Authorization
Affected Products
Searchwp