CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43492 – WordPress Comments – wpDiscuz plugin 7.4.2 - Auth. Insecure Direct Object References (IDOR) vulnerability
https://notcve.org/view.php?id=CVE-2022-43492
Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerability in Comments – wpDiscuz plugin 7.4.2 on WordPress. Vulnerabilidad de Insecure Direct Object References (IDOR) autenticada (con permisos de suscriptor o superiores) en el complemento Comments wpDiscuz 7.4.2 en WordPress. The Comments – wpDiscuz plugin for WordPress is vulnerable to insecure direct object reference in versions up to, and including, 7.4.2. This is due to insufficient validation on the 'wmu_attachments' user-controlled key. • https://patchstack.com/database/vulnerability/wpdiscuz/wordpress-comments-wpdiscuz-plugin-7-4-2-insecure-direct-object-references-idor-vulnerability?_s_id=cve https://wordpress.org/plugins/wpdiscuz/#developers • CWE-639: Authorization Bypass Through User-Controlled Key •