CVE-2022-45369 : Auth. (subscriber+) Broken Access Control vulnerability in Plugin for Google Rev

Auth. (subscriber+) Broken Access Control vulnerability in Plugin for Google Reviews plugin <= 2.2.2 on WordPress.

Published 2022-11-18 23:15:30

Updated 2023-07-07 19:07:03

Source Patchstack

View at NVD, CVE.org

Products affected by CVE-2022-45369

Richplugins » Plugin For Google Reviews » For Wordpress
Versions before (<) 2.2.3
cpe:2.3:a:richplugins:plugin_for_google_reviews:*:*:*:*:*:wordpress:*:*
Matching versions

EPSS FAQ

0.08%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 21 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	2.8	1.4	Patchstack
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: None
4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	2.8	1.4	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: None

Jump to