CVE-2022-3881
Last modified
CVE-2022-3881 is a medium-severity vulnerability rated 5.7/10 on the CVSS scale. The WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascript errors, File Permissions, Transients, Error Log WordPress plugin before 3.43 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org. EPSS estimates a 0.44% chance of exploitation in the next 30 days.
Description
The WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascript errors, File Permissions, Transients, Error Log WordPress plugin before 3.43 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Wptools Project | Wptools | < 3.43 |
References
- https://wpscan.com/vulnerability/c2a9cf01-051a-429a-82ca-280885114b5aExploit, Third Party Advisory
- https://wpscan.com/vulnerability/c2a9cf01-051a-429a-82ca-280885114b5aExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-3881?
How severe is CVE-2022-3881?
How do I fix CVE-2022-3881?
Are you affected by CVE-2022-3881?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST