CVE-2022-42698 - OpenCVE

Unauth. Arbitrary File Upload vulnerability in WordPress Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Api2cart	Api2cart Bridge Connector

Configuration 1 [-]

OR	cpe:2.3:a:api2cart:api2cart_bridge_connector:1.0.0:::::wordpress::
	cpe:2.3:a:api2cart:api2cart_bridge_connector:1.1.0:::::wordpress::

No data.

References

Link	Providers
https://patchstack.com/database/vulnerability/api2cart-bridge-connector/wordpress-api2cart-bridge-connector-plugin-1-1-0-arbitrary-file-upload-vulnerability?_s_id=cve
https://wordpress.org/plugins/api2cart-bridge-connector/#developers

History

No history.

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2022-11-18T22:15:04.205612Z

Updated: 2024-09-16T22:03:14.745Z

Reserved: 2022-10-19T00:00:00

Link: CVE-2022-42698

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-11-18T23:15:28.137

Modified: 2022-11-21T19:32:49.060

Link: CVE-2022-42698

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-42698", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "assignerShortName": "Patchstack", "datePublished": "2022-11-18T22:15:04.205612Z", "dateUpdated": "2024-09-16T22:03:14.745Z", "dateReserved": "2022-10-19T00:00:00"}, "containers": {"cna": {"title": "WordPress Api2Cart Bridge Connector plugin <= 1.1.0 - Arbitrary File Upload vulnerability", "datePublic": "2022-10-28T00:00:00", "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2022-11-18T00:00:00"}, "descriptions": [{"lang": "en", "value": "Unauth. Arbitrary File Upload vulnerability in WordPress Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress."}], "affected": [{"vendor": "API2Cart", "product": "Api2Cart Bridge Connector (WordPress plugin)", "versions": [{"version": "<= 1.1.0", "status": "affected", "lessThanOrEqual": "1.1.0", "versionType": "custom"}]}], "references": [{"url": "https://wordpress.org/plugins/api2cart-bridge-connector/#developers"}, {"url": "https://patchstack.com/database/vulnerability/api2cart-bridge-connector/wordpress-api2cart-bridge-connector-plugin-1-1-0-arbitrary-file-upload-vulnerability?_s_id=cve"}], "credits": [{"lang": "en", "value": "Vulnerability discovered by Dave Jong (Patchstack)"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "cweId": "CWE-434"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"discovery": "EXTERNAL"}, "solutions": [{"lang": "en", "value": "Update to 1.2.0 or higher version."}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:10:41.399Z"}, "title": "CVE Program Container", "references": [{"url": "https://wordpress.org/plugins/api2cart-bridge-connector/#developers", "tags": ["x_transferred"]}, {"url": "https://patchstack.com/database/vulnerability/api2cart-bridge-connector/wordpress-api2cart-bridge-connector-plugin-1-1-0-arbitrary-file-upload-vulnerability?_s_id=cve", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:api2cart:api2cart_bridge_connector:1.0.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "BEB11868-51C5-4457-A00F-A68B78F9670F", "vulnerable": true}, {"criteria": "cpe:2.3:a:api2cart:api2cart_bridge_connector:1.1.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "51D68DFD-D37A-4B02-84D7-5863A01D20B0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unauth. Arbitrary File Upload vulnerability in WordPress Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress."}, {"lang": "es", "value": "Vulnerabilidad de carga arbitraria de archivos no autenticada en el complemento WordPress Api2Cart Bridge Connector en WordPress en versiones <= 1.1.0."}], "id": "CVE-2022-42698", "lastModified": "2022-11-21T19:32:49.060", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2022-11-18T23:15:28.137", "references": [{"source": "audit@patchstack.com", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/api2cart-bridge-connector/wordpress-api2cart-bridge-connector-plugin-1-1-0-arbitrary-file-upload-vulnerability?_s_id=cve"}, {"source": "audit@patchstack.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://wordpress.org/plugins/api2cart-bridge-connector/#developers"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-434"}], "source": "audit@patchstack.com", "type": "Secondary"}]}