Enhancement: cves/2022/CVE-2022-2314.yaml by md

2023-03-22 12:58:31 -04:00 · 2023-03-22 12:58:31 -04:00 · 2dd1f21171
parent 2b52a0cf0a
commit 2dd1f21171
1 changed files with 4 additions and 3 deletions
--- a/cves/2022/CVE-2022-2314.yaml
+++ b/cves/2022/CVE-2022-2314.yaml
@ -1,11 +1,11 @@
 id: CVE-2022-2314

 info:
-  name: WordPress VR Calendar <=2.3.2 - Arbitrary Function Call
+  name: WordPress VR Calendar <=2.3.2 - Remote Code Execution
  author: theamanrawat
  severity: critical
  description: |
-    WordPress VR Calendar plugin through 2.3.2 is susceptible to arbitrary function call. The plugin allows any user to execute arbitrary PHP functions on the site.
+    WordPress VR Calendar plugin through 2.3.2 is susceptible to remote code execution. The plugin allows any user to execute arbitrary PHP functions on the site. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
  reference:
    - https://wpscan.com/vulnerability/b22fe77c-844e-4c24-8023-014441cc1e82
    - https://wordpress.org/plugins/vr-calendar-sync/
@ -14,6 +14,7 @@ info:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-2314
+    cwe-id: CWE-94
  metadata:
    verified: "true"
  tags: rce,unauth,wpscan,cve,cve2022,wp,vr-calendar-sync,wordpress,wp-plugin
@ -47,4 +48,4 @@ requests:
        status:
          - 200

-# Enhanced by md on 2023/03/21
+# Enhanced by md on 2023/03/22