CVE-2022-42884 - OpenCVE

Missing Authorization vulnerability in ThemeinProgress WIP Custom Login.This issue affects WIP Custom Login: from n/a through 1.2.7.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Themeinprogress	Wip Custom Login

Configuration 1 [-]

cpe:2.3:a:themeinprogress:wip_custom_login:*:*:*:*:*:wordpress:*:*

References

Link	Resource
https://patchstack.com/database/vulnerability/wip-custom-login/wordpress-wip-custom-login-plugin-1-2-7-multiple-broken-access-control-vulnerabilities?_s_id=cve	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Patchstack

Published: 2024-01-17T18:17:27.087Z

Updated: 2024-01-17T18:17:27.087Z

Reserved: 2022-10-19T11:12:07.128Z

Link: CVE-2022-42884

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-01-17T19:15:08.017

Modified: 2024-01-24T18:13:46.177

Link: CVE-2022-42884

JSON object: View

Redhat Information

No data.

CWE

CWE-862

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2022-42884", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2022-10-19T11:12:07.128Z", "datePublished": "2024-01-17T18:17:27.087Z", "dateUpdated": "2024-01-17T18:17:27.087Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "wip-custom-login", "product": "WIP Custom Login", "vendor": "ThemeinProgress", "versions": [{"changes": [{"at": "1.2.8", "status": "unaffected"}], "lessThanOrEqual": "1.2.7", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Istv\u00e1n M\u00e1rton (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in ThemeinProgress WIP Custom Login.<p>This issue affects WIP Custom Login: from n/a through 1.2.7.</p>"}], "value": "Missing Authorization vulnerability in ThemeinProgress WIP Custom Login.This issue affects WIP Custom Login: from n/a through 1.2.7.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-01-17T18:17:27.087Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/wip-custom-login/wordpress-wip-custom-login-plugin-1-2-7-multiple-broken-access-control-vulnerabilities?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 1.2.8 or a higher version."}], "value": "Update to\u00a01.2.8 or a higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress WIP Custom Login Plugin <= 1.2.7 is vulnerable to Broken Access Control", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}