CVE-2022-36387 - OpenCVE

Broken Access Control vulnerability in Alessio Caiazza's About Me plugin <= 1.0.12 at WordPress.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
About-me Project	About-me

Configuration 1 [-]

cpe:2.3:a:about-me_project:about-me:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://patchstack.com/database/vulnerability/about-me/wordpress-about-me-plugin-1-0-12-broken-access-control-vulnerability/_s_id=cve
https://wordpress.org/plugins/about-me/

History

No history.

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2022-09-06T22:19:13.284754Z

Updated: 2024-09-16T17:18:09.074Z

Reserved: 2022-08-09T00:00:00

Link: CVE-2022-36387

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-09-06T23:15:08.677

Modified: 2023-07-21T19:50:24.803

Link: CVE-2022-36387

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "About Me (WordPress plugin)", "vendor": "Alessio Caiazza", "versions": [{"lessThanOrEqual": "1.0.12", "status": "affected", "version": "<= 1.0.12", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Vulnerability discovered by ptsfence (Patchstack Alliance)"}], "datePublic": "2022-08-25T00:00:00", "descriptions": [{"lang": "en", "value": "Broken Access Control vulnerability in Alessio Caiazza's About Me plugin <= 1.0.12 at WordPress."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-264", "description": "CWE-264 Permissions, Privileges, and Access Controls", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-06T22:19:13", "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://patchstack.com/database/vulnerability/about-me/wordpress-about-me-plugin-1-0-12-broken-access-control-vulnerability/_s_id=cve"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://wordpress.org/plugins/about-me/"}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress About Me plugin <= 1.0.12 - Broken Access Control vulnerability", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "audit@patchstack.com", "DATE_PUBLIC": "2022-08-25T20:13:00.000Z", "ID": "CVE-2022-36387", "STATE": "PUBLIC", "TITLE": "WordPress About Me plugin <= 1.0.12 - Broken Access Control vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "About Me (WordPress plugin)", "version": {"version_data": [{"version_affected": "<=", "version_name": "<= 1.0.12", "version_value": "1.0.12"}]}}]}, "vendor_name": "Alessio Caiazza"}]}}, "credit": [{"lang": "eng", "value": "Vulnerability discovered by ptsfence (Patchstack Alliance)"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Broken Access Control vulnerability in Alessio Caiazza's About Me plugin <= 1.0.12 at WordPress."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-264 Permissions, Privileges, and Access Controls"}]}]}, "references": {"reference_data": [{"name": "https://patchstack.com/database/vulnerability/about-me/wordpress-about-me-plugin-1-0-12-broken-access-control-vulnerability/_s_id=cve", "refsource": "CONFIRM", "url": "https://patchstack.com/database/vulnerability/about-me/wordpress-about-me-plugin-1-0-12-broken-access-control-vulnerability/_s_id=cve"}, {"name": "https://wordpress.org/plugins/about-me/", "refsource": "CONFIRM", "url": "https://wordpress.org/plugins/about-me/"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:00:04.416Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/about-me/wordpress-about-me-plugin-1-0-12-broken-access-control-vulnerability/_s_id=cve"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://wordpress.org/plugins/about-me/"}]}]}, "cveMetadata": {"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "assignerShortName": "Patchstack", "cveId": "CVE-2022-36387", "datePublished": "2022-09-06T22:19:13.284754Z", "dateReserved": "2022-08-09T00:00:00", "dateUpdated": "2024-09-16T17:18:09.074Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:about-me_project:about-me:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "A74B6FA4-B2C6-4FEB-90EB-0EA4A67794F7", "versionEndIncluding": "1.0.12", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Broken Access Control vulnerability in Alessio Caiazza's About Me plugin <= 1.0.12 at WordPress."}, {"lang": "es", "value": "Una vulnerabilidad de Control de Acceso Roto en el plugin About Me de Alessio Caiazza versiones anteriores a 1.0.12 incluy\u00e9ndola, en WordPress."}], "id": "CVE-2022-36387", "lastModified": "2023-07-21T19:50:24.803", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.7, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2022-09-06T23:15:08.677", "references": [{"source": "audit@patchstack.com", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/about-me/wordpress-about-me-plugin-1-0-12-broken-access-control-vulnerability/_s_id=cve"}, {"source": "audit@patchstack.com", "tags": ["Product", "Third Party Advisory"], "url": "https://wordpress.org/plugins/about-me/"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-264"}], "source": "audit@patchstack.com", "type": "Secondary"}]}