WordPress CURCY plugin <= 2.1.25 - Unauthenticated plugin settings change vulnerability
CVE-2022-46796
6.5MEDIUM
Summary
The vulnerability in the VillaTheme CURCY plugin arises from a missing authorization mechanism, allowing attackers to exploit incorrectly configured access control security levels. This issue affects all versions of CURCY up to and including 2.1.25, enabling unauthorized modification of plugin settings. This can lead to potential security breaches, compromising the integrity of websites utilizing this plugin.
Affected Version(s)
CURCY <= 2.1.25
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Muhammad Daffa (Patchstack Alliance)