CVE-2022-41839 : Broken Access Control vulnerability in WordPress LoginPress plugin <= 1.6.2 on W

Broken Access Control vulnerability in WordPress LoginPress plugin <= 1.6.2 on WordPress leading to unauth. changing of Opt-In or Opt-Out tracking settings.

Published 2022-11-18 23:15:26

Updated 2022-11-22 20:22:07

Source Patchstack

View at NVD, CVE.org

Products affected by CVE-2022-41839

Wpbrigade » Loginpress » For Wordpress
Versions up to, including, (<=) 1.6.2
cpe:2.3:a:wpbrigade:loginpress:*:*:*:*:*:wordpress:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2022-41839

EPSS FAQ

0.09%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 22 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-41839

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	3.9	1.4	Patchstack
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: None
5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	3.9	1.4	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: None

CWE ids for CVE-2022-41839

CWE-264

Assigned by: audit@patchstack.com (Secondary)

References for CVE-2022-41839

https://patchstack.com/database/vulnerability/loginpress/wordpress-loginpress-plugin-1-6-2-broken-access-control-vulnerability?_s_id=cve

WordPress LoginPress plugin <= 1.6.2 - Broken Access Control vulnerability - Patchstack
Third Party Advisory

Jump to

Vulnerability Details : CVE-2022-41839

Products affected by CVE-2022-41839

Exploit prediction scoring system (EPSS) score for CVE-2022-41839

CVSS scores for CVE-2022-41839

CWE ids for CVE-2022-41839

References for CVE-2022-41839