CVE-2022-35242

Unauthenticated plugin settings change vulnerability in 59sec THE Leads Management System: 59sec LITE plugin <= 3.4.1 at WordPress.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
PatchstackCNA
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
VendorProductVersion
59secthe_leads_management_system\
𝑥
≤ 3.4.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://patchstack.com/database/vulnerability/59sec-lite-contact-form-7-push-notifications-on-ios-and-android/wordpress-the-leads-management-system-59sec-lite-plugin-3-4-1-unauthenticated-plugin-settings-change-vulnerability
https://wordpress.org/plugins/59sec-lite-contact-form-7-push-notifications-on-ios-and-android/
https://patchstack.com/database/vulnerability/59sec-lite-contact-form-7-push-notifications-on-ios-and-android/wordpress-the-leads-management-system-59sec-lite-plugin-3-4-1-unauthenticated-plugin-settings-change-vulnerability
https://wordpress.org/plugins/59sec-lite-contact-form-7-push-notifications-on-ios-and-android/