mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 17:21:36 +00:00
88 lines
3.2 KiB
JSON
88 lines
3.2 KiB
JSON
{
|
|
"id": "CVE-2022-4017",
|
|
"sourceIdentifier": "contact@wpscan.com",
|
|
"published": "2023-01-23T15:15:14.060",
|
|
"lastModified": "2024-11-21T07:34:27.263",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "The Booster for WooCommerce WordPress plugin before 6.0.1, Booster Plus for WooCommerce WordPress plugin before 6.0.1, Booster Elite for WooCommerce WordPress plugin before 6.0.1 have either flawed CSRF checks or are missing them completely in numerous places, allowing attackers to make logged in users perform unwanted actions via CSRF attacks"
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Las versiones del complemento Booster para WooCommerce de WordPress anteriores a la versi\u00f3n 6.0.1, as\u00ed como las versiones anteriores a la 6.0.1 del complemento Booster Plus para WooCommerce y tambi\u00e9n las anteriores a la 6.0.1 del complemento Booster Elite para WooCommerce tienen comprobaciones CSRF defectuosas o faltan por completo en numerosos lugares, lo que permite a los atacantes enga\u00f1ar a los usuarios registrados para que lleven a cabo acciones no deseadas a trav\u00e9s de ataques CSRF."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
|
"baseScore": 8.8,
|
|
"baseSeverity": "HIGH",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "REQUIRED",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH"
|
|
},
|
|
"exploitabilityScore": 2.8,
|
|
"impactScore": 5.9
|
|
}
|
|
]
|
|
},
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:booster:booster_elite_woocommerce:*:*:*:*:*:wordpress:*:*",
|
|
"versionEndExcluding": "6.0.1",
|
|
"matchCriteriaId": "368AE7E9-A900-4C64-803D-93EA6BEFB146"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:booster:booster_for_woocommerce:*:*:*:*:*:wordpress:*:*",
|
|
"versionEndExcluding": "6.0.1",
|
|
"matchCriteriaId": "6AC6A546-FE9A-46FF-BE92-C89433C09BF2"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:booster:booster_plus_woocommerce:*:*:*:*:*:wordpress:*:*",
|
|
"versionEndExcluding": "6.0.1",
|
|
"matchCriteriaId": "661B4161-82B8-4640-BC39-372E43C0D948"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://wpscan.com/vulnerability/609072d0-9bb9-4fe0-9626-7e4a334ca3a4",
|
|
"source": "contact@wpscan.com",
|
|
"tags": [
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://wpscan.com/vulnerability/609072d0-9bb9-4fe0-9626-7e4a334ca3a4",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Third Party Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |