CVE-2022-0989

{"id": "CVE-2022-0989", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-04-11T15:15:08.880", "references": [{"url": "https://wpscan.com/vulnerability/a6bfc150-8e3f-4b2d-a6e1-09406af41dd4", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "contact@wpscan.com", "description": [{"lang": "en", "value": "CWE-80"}]}], "descriptions": [{"lang": "en", "value": "An unprivileged user could use the functionality of the NS WooCommerce Watermark WordPress plugin through 2.11.3 to load images that hide malware for example from passing malicious domains to hide their trace, by making them pass through the vulnerable domain."}, {"lang": "es", "value": "Un usuario no privilegiado podr\u00eda usar la funcionalidad del plugin NS WooCommerce Watermark de WordPress versiones hasta 2.11.3, para cargar im\u00e1genes que ocultan malware, por ejemplo, desde el paso de dominios maliciosos para ocultar su rastro, haci\u00e9ndolas pasar por el dominio vulnerable"}], "lastModified": "2022-04-15T20:22:57.330", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nsthemes:ns_watermark_for_woocommerce:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "0A5DF280-C559-407B-BAF5-CB9614887DA8", "versionEndIncluding": "2.11.3"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}