CVE-2022-4555

The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deactivate() function hooked via init() in versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to deactivate arbitrary plugins on the site. This can be used to deactivate security plugins that aids in exploiting other vulnerabilities.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2645044%40wp-shamsi&new=2645044%40wp-shamsi&sfp_email=&sfph_mail=	Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/7b498c5a-9fd1-43b8-b456-f6cec65d5077	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:wpvar:wp_shamsi:*:*:*:*:*:wordpress:*:*

History

07 Nov 2023, 03:58

Type	Values Removed	Values Added
CWE	~~CWE-862~~

Information

Published : 2022-12-16 14:15

Updated : 2024-02-28 19:51

NVD link : CVE-2022-4555

Mitre link : CVE-2022-4555

CVE.ORG link : CVE-2022-4555

JSON object : View

Products Affected

wpvar

wp_shamsi

CWE

No CWE.

{"id": "CVE-2022-4555", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "published": "2022-12-16T14:15:09.257", "references": [{"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2645044%40wp-shamsi&new=2645044%40wp-shamsi&sfp_email=&sfph_mail=", "tags": ["Third Party Advisory"], "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7b498c5a-9fd1-43b8-b456-f6cec65d5077", "tags": ["Third Party Advisory"], "source": "security@wordfence.com"}], "vulnStatus": "Modified", "descriptions": [{"lang": "en", "value": "The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deactivate() function hooked via init() in versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to deactivate arbitrary plugins on the site. This can be used to deactivate security plugins that aids in exploiting other vulnerabilities."}, {"lang": "es", "value": "El complemento WP Shamsi para WordPress es vulnerable a la omisi\u00f3n de autorizaci\u00f3n debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n deactivate() enlazada a trav\u00e9s de init() en versiones hasta la 4.1.0 inclusive. Esto hace posible que atacantes no autenticados desactiven complementos arbitrarios en el sitio. Esto se puede utilizar para desactivar complementos de seguridad que ayudan a explotar otras vulnerabilidades."}], "lastModified": "2023-11-07T03:58:08.620", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wpvar:wp_shamsi:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "BF57A129-669A-4FED-A7CC-0876ACA8305A", "versionEndExcluding": "4.1.1"}], "operator": "OR"}]}], "sourceIdentifier": "security@wordfence.com"}