The miniOrange Discord Integration WordPress plugin before 2.1.6 does not have authorisation and CSRF in some of its AJAX actions, allowing any logged in users, such as subscriber to call them, and disable the app for example
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/a91d0501-c2a9-4c6c-b5da-b3fc29442a4f | Exploit Third Party Advisory |
Configurations
History
21 Jul 2023, 17:09
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-862 |
21 Oct 2022, 16:38
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://wpscan.com/vulnerability/a91d0501-c2a9-4c6c-b5da-b3fc29442a4f - Exploit, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
CPE | cpe:2.3:a:miniorange:discord_integration:*:*:*:*:*:wordpress:*:* |
17 Oct 2022, 12:49
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-10-17 12:15
Updated : 2024-02-04 22:51
NVD link : CVE-2022-3082
Mitre link : CVE-2022-3082
CVE.ORG link : CVE-2022-3082
JSON object : View
Products Affected
miniorange
- discord_integration