{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-4426", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2022-12-12T15:23:16.376Z", "datePublished": "2023-01-09T22:13:41.703Z", "dateUpdated": "2024-08-03T01:41:44.630Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2023-01-10T09:07:57.826Z"}, "title": "Mautic Integration For WooCommerce < 1.0.3 - Arbitrary Options Update via CSRF", "problemTypes": [{"descriptions": [{"description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "Mautic Integration for WooCommerce", "versions": [{"status": "affected", "versionType": "custom", "version": "0", "lessThan": "1.0.3"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Mautic Integration for WooCommerce WordPress plugin before 1.0.3 does not have proper CSRF check when updating settings, and does not ensure that the options to be updated belong to the plugin, allowing attackers to make a logged in admin change arbitrary blog options via a CSRF attack."}], "references": [{"url": "https://wpscan.com/vulnerability/7d3d6b9c-d1c1-4e23-b891-7c72e4e89c38", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "WPScan", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:41:44.630Z"}, "title": "CVE Program Container", "references": [{"url": "https://wpscan.com/vulnerability/7d3d6b9c-d1c1-4e23-b891-7c72e4e89c38", "tags": ["exploit", "vdb-entry", "technical-description", "x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wpswings:mautic_integration_for_woocommerce:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "D4F1A5D6-010A-493B-A40B-2C9F4FF2A334", "versionEndExcluding": "1.0.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Mautic Integration for WooCommerce WordPress plugin before 1.0.3 does not have proper CSRF check when updating settings, and does not ensure that the options to be updated belong to the plugin, allowing attackers to make a logged in admin change arbitrary blog options via a CSRF attack."}, {"lang": "es", "value": "El complemento Mautic Integration for WooCommerce de WordPress anterior a 1.0.3 no tiene una verificaci\u00f3n CSRF adecuada al actualizar la configuraci\u00f3n y no garantiza que las opciones a actualizar pertenezcan al complemento, lo que permite a los atacantes hacer que un administrador que haya iniciado sesi\u00f3n cambie opciones arbitrarias del blog a trav\u00e9s de un Ataque CSRF."}], "id": "CVE-2022-4426", "lastModified": "2024-11-21T07:35:14.403", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-09T23:15:28.190", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/7d3d6b9c-d1c1-4e23-b891-7c72e4e89c38"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/7d3d6b9c-d1c1-4e23-b891-7c72e4e89c38"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Modified"}

{}