OpenCVE

Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerability in Comments – wpDiscuz plugin 7.4.2 on WordPress.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gvectors	Wpdiscuz

Configuration 1 [-]

cpe:2.3:a:gvectors:wpdiscuz:7.4.2:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://patchstack.com/database/vulnerability/wpdiscuz/wordpress-comments-wpdiscuz-plugin-7-4-2-insecure-direct-object-references-idor-vulnerability?_s_id=cve
https://wordpress.org/plugins/wpdiscuz/#developers

History

No history.

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2022-11-18T22:08:14.066255Z

Updated: 2024-09-16T20:17:19.616Z

Reserved: 2022-10-19T00:00:00

Link: CVE-2022-43492

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-11-18T23:15:28.550

Modified: 2024-11-21T07:26:35.833

Link: CVE-2022-43492

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-43492", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "assignerShortName": "Patchstack", "datePublished": "2022-11-18T22:08:14.066255Z", "dateUpdated": "2024-09-16T20:17:19.616Z", "dateReserved": "2022-10-19T00:00:00"}, "containers": {"cna": {"title": "WordPress Comments \u2013 wpDiscuz plugin 7.4.2 - Auth. Insecure Direct Object References (IDOR) vulnerability", "datePublic": "2022-10-28T00:00:00", "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2022-11-18T00:00:00"}, "descriptions": [{"lang": "en", "value": "Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerability in Comments \u2013 wpDiscuz plugin 7.4.2 on WordPress."}], "affected": [{"vendor": "gVectors Team", "product": "Comments \u2013 wpDiscuz (WordPress plugin)", "versions": [{"version": "7.4.2", "status": "affected"}]}], "references": [{"url": "https://wordpress.org/plugins/wpdiscuz/#developers"}, {"url": "https://patchstack.com/database/vulnerability/wpdiscuz/wordpress-comments-wpdiscuz-plugin-7-4-2-insecure-direct-object-references-idor-vulnerability?_s_id=cve"}], "credits": [{"lang": "en", "value": "Vulnerability discovered by Dhakal Ananda (Patchstack Alliance)"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Insecure Direct Object References (IDOR)"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"discovery": "EXTERNAL"}, "solutions": [{"lang": "en", "value": "Update to 7.5 or higher version."}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:32:59.498Z"}, "title": "CVE Program Container", "references": [{"url": "https://wordpress.org/plugins/wpdiscuz/#developers", "tags": ["x_transferred"]}, {"url": "https://patchstack.com/database/vulnerability/wpdiscuz/wordpress-comments-wpdiscuz-plugin-7-4-2-insecure-direct-object-references-idor-vulnerability?_s_id=cve", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gvectors:wpdiscuz:7.4.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "E16D574D-76FC-4264-8B76-5FA76ED5A84A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerability in Comments \u2013 wpDiscuz plugin 7.4.2 on WordPress."}, {"lang": "es", "value": "Vulnerabilidad de Insecure Direct Object References (IDOR) autenticada (con permisos de suscriptor o superiores) en el complemento Comments wpDiscuz 7.4.2 en WordPress."}], "id": "CVE-2022-43492", "lastModified": "2024-11-21T07:26:35.833", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "audit@patchstack.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-18T23:15:28.550", "references": [{"source": "audit@patchstack.com", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/wpdiscuz/wordpress-comments-wpdiscuz-plugin-7-4-2-insecure-direct-object-references-idor-vulnerability?_s_id=cve"}, {"source": "audit@patchstack.com", "tags": ["Product", "Third Party Advisory"], "url": "https://wordpress.org/plugins/wpdiscuz/#developers"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/wpdiscuz/wordpress-comments-wpdiscuz-plugin-7-4-2-insecure-direct-object-references-idor-vulnerability?_s_id=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product", "Third Party Advisory"], "url": "https://wordpress.org/plugins/wpdiscuz/#developers"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "nvd@nist.gov", "type": "Primary"}]}