CVE-2022-1398

{"id": "CVE-2022-1398", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2022-05-16T15:15:09.413", "references": [{"url": "https://wpscan.com/vulnerability/5440d177-e995-403e-b2c9-42ceda14579e", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/5440d177-e995-403e-b2c9-42ceda14579e", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "contact@wpscan.com", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "The External Media without Import WordPress plugin through 1.1.2 does not have any authorisation and does to ensure that medias added via URLs are external medias, which could allow any authenticated users, such as subscriber to perform blind SSRF attacks"}, {"lang": "es", "value": "El plugin External Media without Import de WordPress versiones hasta 1.1.2, no presenta ninguna autorizaci\u00f3n y no asegura que los medios a\u00f1adidos por medio de URLs sean medios externos, lo que podr\u00eda permitir a cualquier usuario autenticado, como el suscriptor, llevar a cabo ataques de tipo SSRF ciegos"}], "lastModified": "2024-11-21T06:40:39.057", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:external_media_without_import_project:external_media_without_import:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "CC35380F-2D8A-4682-A0C0-A9AC3C5D98B2", "versionEndIncluding": "1.1.2"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}