Enhancement: cves/2022/CVE-2022-0594.yaml by md
parent 263ac9fac5
commit 6045693637
|
@ -1,14 +1,15 @@
|
|||
id: CVE-2022-0594
|
||||
|
||||
info:
|
||||
name: Shareaholic < 9.7.6 - Information Disclosure
|
||||
name: WordPress Shareaholic <9.7.6 - Information Disclosure
|
||||
author: atomiczsec
|
||||
severity: medium
|
||||
description: The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin before 9.7.6 does not have proper authorisation check in one of the AJAX action, available to unauthenticated (in v < 9.7.5) and author+ (in v9.7.5) users, allowing them to call it and retrieve various information such as the list of active plugins, various version like PHP, cURL, WP etc.
|
||||
description: WordPress Shareaholic plugin prior to 9.7.6 is susceptible to information disclosure. The plugin does not have proper authorization check in one of the AJAX actions, available to both unauthenticated (before 9.7.5) and authenticated (in 9.7.5) users, allowing them to possibly obtain sensitive information such as active plugins and different versions (PHP, cURL, WP, etc.).
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/4de9451e-2c8d-4d99-a255-b027466d29b1
|
||||
- https://wordpress.org/plugins/shareaholic/
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0594
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-0594
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
|
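Review bot: the rewritten description line loses the privilege threshold for 9.7.5. The old text said the AJAX action was reachable by "author+ (in v9.7.5)", while the new text says only "authenticated (in 9.7.5)", which reads as any logged-in role. Suggest keeping the role, for example "authenticated users with author role or above (in 9.7.5)", so that triage of a hit on a 9.7.5 site is not overstated. The same sentence would also read better as "does not have a proper authorization check".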
@ -40,3 +41,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2023/02/01
|
||||
|
|
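Review bot: the trailing "# Enhanced by md on 2023/02/01" comment at the end of the template repeats the author and date that the commit metadata already records, and it will be out of date as soon as the file is edited again. If the project wants this marker in every template, keep it consistent. Otherwise drop it and let the history carry the attribution. The hunk also adds a blank line before the comment, so check that the file still ends with a single newline.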