CVE-2022-34487
WordPress Shortcode Addons plugin <= 3.0.2 - Unauthenticated Arbitrary Option Update vulnerability
Public Exploits: 0
Exploited in Wild: -
Descriptions
Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin <= 3.0.2 for WordPress.
An unauthenticated arbitrary option update vulnerability in biplob018's Shortcode Addons plugin for WordPress, in versions up to and including 3.0.2.
The "Shortcode Addons- with Visual Composer, Divi, Beaver Builder and Elementor Extension" plugin for WordPress is vulnerable to arbitrary options update in versions up to, and including, 3.0.2. This is due to improperly configured capability checking via the permission_callback on the ShortCodeAddonsUltimate/v2/ REST API Endpoint. This makes it possible for unauthenticated attackers to modify arbitrary site options that can be used for complete site takeover.
Timeline
- 2022-06-30 CVE Reserved
- 2022-06-30 CVE Published
- 2024-02-08 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
- CWE-862: Missing Authorization
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Oxilab | Shortcode Addons | < 3.0.3 | wordpress | Affected