CVE-2022-3994
Authenticator < 1.3.1 - Subscriber+ Denial of Service via Feed Token Disclosure
Severity Score: -
Exploit Likelihood: -
Public Exploits: 1
Exploited in Wild: -
SSVC Decision: -
Descriptions
The Authenticator WordPress plugin before 1.3.1 does not prevent subscribers from updating a site's feed access token, which may deny other users access to the functionality in certain configurations.
The Authenticator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the regenerate_token function in versions up to, and including, 1.3.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to generate tokens.
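As an added illustration (not the plugin's own code), the CWE-862 pattern the description names, a token-regeneration handler reachable by any logged-in user, is shown next to a corrected form that checks a nonce and a capability before rotating the token; the hook, option, nonce and capability names are assumptions for illustration:

```php
<?php
// Added example, not code from the Authenticator plugin. Hook name, option
// name, nonce action and required capability are assumptions.

// Vulnerable shape (kept unregistered here): wp_ajax_* hooks run for every
// authenticated user, so without a capability check a subscriber can rotate
// the site-wide feed token and cut off everyone else's feed access.
function example_regenerate_token_vulnerable() {
    update_option( 'example_feed_token', wp_generate_password( 32, false ) );
    wp_send_json_success();
}

// Hardened shape: reject requests that lack a valid nonce (CSRF) and
// require an administrative capability before touching the shared token.
function example_regenerate_token_fixed() {
    // Dies with a 403 if the 'nonce' request field does not verify.
    check_ajax_referer( 'example_regenerate_token', 'nonce' );

    // Subscribers do not hold manage_options, so they are turned away here.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient permissions', 403 );
    }

    update_option( 'example_feed_token', wp_generate_password( 32, false ) );
    wp_send_json_success();
}

// Only the checked handler is wired to the AJAX endpoint.
add_action( 'wp_ajax_example_regenerate_token', 'example_regenerate_token_fixed' );
```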
CVSS Scores
- (not recorded)
SSVC
- Decision: -
Timeline
- 2022-11-14 CVE Reserved
- 2022-11-26 CVE Published
- 2024-07-25 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- (no date) Exploited in Wild
- (no date) KEV Due Date
CWE
- CWE-862: Missing Authorization
CAPEC
References (1)
URL | Date | SRC
---|---|---
https://wpscan.com/vulnerability/802a2139-ab48-4281-888f-225e6e3134aa | 2024-08-03 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Authenticator Project | Authenticator | < 1.3.1 | wordpress | Affected