CVE-2022-3911

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

T

he iubenda WordPress plugin before 3.3.3 does does not have authorisation and CSRF in an AJAX action, and does not ensure that the options to be updated belong to the plugin as long as they are arrays. As a result, any authenticated users, such as subscriber can grant themselves any privileges, such as edit_plugins etc

References

Link	Resource
https://wpscan.com/vulnerability/c47fdca8-74ac-48a4-9780-556927fb4e52	Exploit Third Party Advisory
https://wpscan.com/vulnerability/c47fdca8-74ac-48a4-9780-556927fb4e52	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:iubenda:iubenda-cookie-law-solution:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 07:20

Type	Values Removed	Values Added
References	~~() https://wpscan.com/vulnerability/c47fdca8-74ac-48a4-9780-556927fb4e52 - Exploit, Third Party Advisory~~	() https://wpscan.com/vulnerability/c47fdca8-74ac-48a4-9780-556927fb4e52 - Exploit, Third Party Advisory

Information

Published : 2023-01-02 22:15

Updated : 2025-04-10 19:15

NVD link : CVE-2022-3911

Mitre link : CVE-2022-3911

CVE.ORG link : CVE-2022-3911

JSON object : View

Products Affected

iubenda-cookie-law-solution

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

CWE-862

Missing Authorization

{"id": "CVE-2022-3911", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-01-02T22:15:15.627", "references": [{"url": "https://wpscan.com/vulnerability/c47fdca8-74ac-48a4-9780-556927fb4e52", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://wpscan.com/vulnerability/c47fdca8-74ac-48a4-9780-556927fb4e52", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-352"}, {"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "The iubenda WordPress plugin before 3.3.3 does does not have authorisation and CSRF in an AJAX action, and does not ensure that the options to be updated belong to the plugin as long as they are arrays. As a result, any authenticated users, such as subscriber can grant themselves any privileges, such as edit_plugins etc"}, {"lang": "es", "value": "El complemento iubenda de WordPress en sus versiones anteriores a la 3.3.3 no tiene autorizaci\u00f3n ni CSRF en una acci\u00f3n AJAX, y no asegura que las opciones a actualizar pertenezcan al complemento siempre que sean arrays. Como resultado, cualquier usuario autenticado, como el suscriptor, puede otorgarse a s\u00ed mismo cualquier privilegio, como edit_plugins, etc."}], "lastModified": "2025-04-10T19:15:49.113", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:iubenda:iubenda-cookie-law-solution:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "62755C01-E9C3-4C61-B6AA-A57E5C6049BC", "versionEndExcluding": "3.3.3"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}