CVE-2022-36340 - OpenCVE

Unauthenticated Optin Campaign Cache Deletion vulnerability in MailOptin plugin <= 1.2.49.0 at WordPress.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mailoptin	Mailoptin

Configuration 1 [-]

cpe:2.3:a:mailoptin:mailoptin:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://patchstack.com/database/vulnerability/mailoptin/wordpress-mailoptin-plugin-1-2-49-0-unauthenticated-optin-campaign-cache-deletion-vulnerability/_s_id=cve
https://plugins.svn.wordpress.org/mailoptin/trunk/changelog.txt

History

No history.

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2022-09-23T18:31:50.762287Z

Updated: 2024-09-17T02:02:14.199Z

Reserved: 2022-09-08T00:00:00

Link: CVE-2022-36340

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-09-23T19:15:14.257

Modified: 2022-09-26T17:01:22.083

Link: CVE-2022-36340

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "MailOptin (WordPress plugin)", "vendor": "MailOptin Popup Builder Team", "versions": [{"lessThanOrEqual": "1.2.49.0", "status": "affected", "version": "<= 1.2.49.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Vulnerability discovered by Muhammad Daffa (Patchstack Alliance)"}], "datePublic": "2022-09-23T00:00:00", "descriptions": [{"lang": "en", "value": "Unauthenticated Optin Campaign Cache Deletion vulnerability in MailOptin plugin <= 1.2.49.0 at WordPress."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-23T18:31:50", "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://patchstack.com/database/vulnerability/mailoptin/wordpress-mailoptin-plugin-1-2-49-0-unauthenticated-optin-campaign-cache-deletion-vulnerability/_s_id=cve"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://plugins.svn.wordpress.org/mailoptin/trunk/changelog.txt"}], "solutions": [{"lang": "en", "value": "Update to 1.2.50.0 or higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress MailOptin plugin <= 1.2.49.0 - Unauthenticated Optin Campaign Cache Deletion vulnerability", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "audit@patchstack.com", "DATE_PUBLIC": "2022-09-23T08:24:00.000Z", "ID": "CVE-2022-36340", "STATE": "PUBLIC", "TITLE": "WordPress MailOptin plugin <= 1.2.49.0 - Unauthenticated Optin Campaign Cache Deletion vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "MailOptin (WordPress plugin)", "version": {"version_data": [{"version_affected": "<=", "version_name": "<= 1.2.49.0", "version_value": "1.2.49.0"}]}}]}, "vendor_name": "MailOptin Popup Builder Team"}]}}, "credit": [{"lang": "eng", "value": "Vulnerability discovered by Muhammad Daffa (Patchstack Alliance)"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unauthenticated Optin Campaign Cache Deletion vulnerability in MailOptin plugin <= 1.2.49.0 at WordPress."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-862 Missing Authorization"}]}]}, "references": {"reference_data": [{"name": "https://patchstack.com/database/vulnerability/mailoptin/wordpress-mailoptin-plugin-1-2-49-0-unauthenticated-optin-campaign-cache-deletion-vulnerability/_s_id=cve", "refsource": "CONFIRM", "url": "https://patchstack.com/database/vulnerability/mailoptin/wordpress-mailoptin-plugin-1-2-49-0-unauthenticated-optin-campaign-cache-deletion-vulnerability/_s_id=cve"}, {"name": "https://plugins.svn.wordpress.org/mailoptin/trunk/changelog.txt", "refsource": "CONFIRM", "url": "https://plugins.svn.wordpress.org/mailoptin/trunk/changelog.txt"}]}, "solution": [{"lang": "en", "value": "Update to 1.2.50.0 or higher version."}], "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:00:04.330Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/mailoptin/wordpress-mailoptin-plugin-1-2-49-0-unauthenticated-optin-campaign-cache-deletion-vulnerability/_s_id=cve"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://plugins.svn.wordpress.org/mailoptin/trunk/changelog.txt"}]}]}, "cveMetadata": {"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "assignerShortName": "Patchstack", "cveId": "CVE-2022-36340", "datePublished": "2022-09-23T18:31:50.762287Z", "dateReserved": "2022-09-08T00:00:00", "dateUpdated": "2024-09-17T02:02:14.199Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mailoptin:mailoptin:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "E05B1837-B3A4-41D7-A497-0FFEFFA0C259", "versionEndIncluding": "1.2.49.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unauthenticated Optin Campaign Cache Deletion vulnerability in MailOptin plugin <= 1.2.49.0 at WordPress."}, {"lang": "es", "value": "Una vulnerabilidad en el Borrado de la Cach\u00e9 de la Campa\u00f1a Optin sin Autenticaci\u00f3n en el plugin MailOptin versiones anteriores a 1.2.49.0 incluy\u00e9ndola en WordPress."}], "id": "CVE-2022-36340", "lastModified": "2022-09-26T17:01:22.083", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2022-09-23T19:15:14.257", "references": [{"source": "audit@patchstack.com", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/mailoptin/wordpress-mailoptin-plugin-1-2-49-0-unauthenticated-optin-campaign-cache-deletion-vulnerability/_s_id=cve"}, {"source": "audit@patchstack.com", "tags": ["Product"], "url": "https://plugins.svn.wordpress.org/mailoptin/trunk/changelog.txt"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Primary"}]}