CVE-2022-38461
WordPress WPML Multilingual CMS premium plugin <= 4.5.10 - Broken Access Control vulnerability
Public Exploits: 0
Exploited in Wild: -
Descriptions
Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with a subscriber or higher user role to change plugin settings (selected language for legacy widgets, the default behavior for media content).
The WPML plugin for WordPress is vulnerable to missing authorization checks in versions up to, and including, 4.5.10. This is due to improper access controls on authorization for user controls. This makes it possible for subscriber-level attackers to change plugin settings, specifically the language for legacy widgets and the default behaviors for media content.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-09-14 CVE Reserved
- 2022-11-09 CVE Published
- 2024-09-17 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
- CWE-862: Missing Authorization
CAPEC