Details of VAR-202210-2173

ID

VAR-202210-2173

CVE

CVE-2022-3419

TITLE

addify of WordPress for automatic user roles switcher Vulnerability in privilege management in

Trust: 0.8

sources: JVNDB: JVNDB-2022-020052

DESCRIPTION

The Automatic User Roles Switcher WordPress plugin before 1.1.2 does not have authorisation and proper CSRF checks, allowing any authenticated users like subscriber to add any role to themselves, such as administrator

Trust: 1.71

sources: NVD: CVE-2022-3419 // JVNDB: JVNDB-2022-020052 // VULHUB: VHN-431063

AFFECTED PRODUCTS

vendor:	addify	model:	automatic user roles switcher	scope:	lt	version:	1.1.2	Trust: 1.0
vendor:	addify	model:	automatic user roles switcher	scope:	eq	version:	-	Trust: 0.8
vendor:	addify	model:	automatic user roles switcher	scope:	-	version:	-	Trust: 0.8
vendor:	addify	model:	automatic user roles switcher	scope:	eq	version:	1.1.2	Trust: 0.8

sources: JVNDB: JVNDB-2022-020052 // NVD: CVE-2022-3419

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-3419
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-3419
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202210-2545
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-3419
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2022-3419
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-020052 // CNNVD: CNNVD-202210-2545 // NVD: CVE-2022-3419

PROBLEMTYPE DATA

problemtype:	CWE-269	Trust: 1.1
problemtype:	CWE-352	Trust: 1.1
problemtype:	Improper authority management (CWE-269) [ others ]	Trust: 0.8
problemtype:	Cross-site request forgery (CWE-352) [ others ]	Trust: 0.8

sources: VULHUB: VHN-431063 // JVNDB: JVNDB-2022-020052 // NVD: CVE-2022-3419

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202210-2545

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202210-2545

PATCH

title:

WordPress plugin Automatic User Roles Switcher Security vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=212738

Trust: 0.6

sources: CNNVD: CNNVD-202210-2545

EXTERNAL IDS

db:	NVD	id:	CVE-2022-3419	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-020052	Trust: 0.8
db:	CNNVD	id:	CNNVD-202210-2545	Trust: 0.6
db:	VULHUB	id:	VHN-431063	Trust: 0.1

sources: VULHUB: VHN-431063 // JVNDB: JVNDB-2022-020052 // CNNVD: CNNVD-202210-2545 // NVD: CVE-2022-3419

REFERENCES

url:	https://wpscan.com/vulnerability/5909a423-9841-449c-a569-f687c609817b	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-3419	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-3419/	Trust: 0.6

sources: VULHUB: VHN-431063 // JVNDB: JVNDB-2022-020052 // CNNVD: CNNVD-202210-2545 // NVD: CVE-2022-3419

SOURCES

db:	VULHUB	id:	VHN-431063
db:	JVNDB	id:	JVNDB-2022-020052
db:	CNNVD	id:	CNNVD-202210-2545
db:	NVD	id:	CVE-2022-3419

LAST UPDATE DATE

2024-08-14T13:42:18.356000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-431063	date:	2022-11-01T00:00:00
db:	JVNDB	id:	JVNDB-2022-020052	date:	2023-10-30T08:22:00
db:	CNNVD	id:	CNNVD-202210-2545	date:	2022-11-02T00:00:00
db:	NVD	id:	CVE-2022-3419	date:	2022-11-01T15:49:32.273

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-431063	date:	2022-10-31T00:00:00
db:	JVNDB	id:	JVNDB-2022-020052	date:	2023-10-30T00:00:00
db:	CNNVD	id:	CNNVD-202210-2545	date:	2022-10-31T00:00:00
db:	NVD	id:	CVE-2022-3419	date:	2022-10-31T16:15:11.587