CVE-2022-0398

{"id": "CVE-2022-0398", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.9, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2022-04-25T16:16:07.640", "references": [{"url": "https://wpscan.com/vulnerability/21aec131-91ff-4300-ac7a-0bf31d6b2b24", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}, {"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 does not have authorisation and CSRF checks when creating affiliate links, which could allow any authenticated user, such as subscriber to create arbitrary affiliate links, which could then be used to redirect users to an arbitrary website"}, {"lang": "es", "value": "El plugin ThirstyAffiliates Affiliate Link Manager de WordPress versiones anteriores a 3.10.5, no dispone de comprobaciones de autorizaci\u00f3n y CSRF cuando se crean enlaces de afiliados, lo que podr\u00eda permitir a cualquier usuario autenticado, como el suscriptor, crear enlaces de afiliados arbitrarios, que luego podr\u00edan usarse para redirigir a usuarios a un sitio web arbitrario"}], "lastModified": "2023-11-07T03:41:14.463", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:caseproof:thirstyaffiliates_affiliate_link_manager:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "307BF639-6484-4D14-A781-4437E0F65899", "versionEndExcluding": "3.10.5"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}