CVE-2022-42459
WordPress Image Hover Effects Ultimate plugin <= 9.7.1 - Auth. WordPress Options Change vulnerability
Descriptions
Auth. WordPress Options Change vulnerability in Image Hover Effects Ultimate plugin <= 9.7.1 on WordPress.
Authenticated WordPress options change vulnerability in the Image Hover Effects Ultimate plugin on WordPress in versions <= 9.7.1.
The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Arbitrary Options Update in versions up to, and including, 9.7.1. This is due to a lack of validation on the settings supplied to the post_oxi_settings() function. This makes it possible for authenticated attackers, with administrative level permissions, to update arbitrary options on the WordPress site. This would only affect sites where the administrator has been restricted from the 'manage_options' capability or where the administrator has allowed users with lower permissions to update the plugin's settings.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-10-19 CVE Reserved
- 2022-10-25 CVE Published
- 2024-05-17 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
- CWE-269: Improper Privilege Management
- CWE-639: Authorization Bypass Through User-Controlled Key
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Oxilab | Image Hover Effects Ultimate | <= 9.7.1 | wordpress | Affected |