Vulnerability Details : CVE-2022-34867
Unauthenticated Sensitive Information Disclosure vulnerability in WP Libre Form 2 plugin <= 2.0.8 at WordPress allows attackers to list and delete submissions. Affects only versions from 2.0.0 to 2.0.8.
Vulnerability category: Information leak
Exploit prediction scoring system (EPSS) score for CVE-2022-34867
Probability of exploitation activity in the next 30 days: 0.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 24 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2022-34867
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.3
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
3.9
|
3.4
|
Patchstack |
|
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
3.9
|
2.5
|
NIST |
CWE ids for CVE-2022-34867
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: audit@patchstack.com (Secondary)
-
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-34867
-
https://github.com/libreform/libreform/pull/54/files
Fix vulnerability by k1sul1 · Pull Request #54 · libreform/libreform · GitHubPatch;Third Party Advisory
-
https://patchstack.com/database/vulnerability/libreform/wordpress-wp-libre-form-2-plugin-2-0-8-unauthenticated-sensitive-information-disclosure-vulnerability
WordPress WP Libre Form 2 plugin <= 2.0.8 - Unauthenticated Sensitive Information Disclosure vulnerability - PatchstackThird Party Advisory
Products affected by CVE-2022-34867
- Wp Libre Form Project » Wp Libre Form » For WordpressVersions from including (>=) 2.0.0 and up to, including, (<=) 2.0.8cpe:2.3:a:wp_libre_form_project:wp_libre_form:*:*:*:*:*:wordpress:*:*