CVE-2022-35242

EUVD-2022-38134
Unauthenticated plugin settings change vulnerability in 59sec THE Leads Management System: 59sec LITE plugin <= 3.4.1 at WordPress.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
PatchstackCNA
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
Affected Products (NVD)
VendorProductVersion
59secthe_leads_management_system\
𝑥
≤ 3.4.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://patchstack.com/database/vulnerability/59sec-lite-contact-form-7-push-notifications-on-ios-and-android/wordpress-the-leads-management-system-59sec-lite-plugin-3-4-1-unauthenticated-plugin-settings-change-vulnerability
https://wordpress.org/plugins/59sec-lite-contact-form-7-push-notifications-on-ios-and-android/
https://patchstack.com/database/vulnerability/59sec-lite-contact-form-7-push-notifications-on-ios-and-android/wordpress-the-leads-management-system-59sec-lite-plugin-3-4-1-unauthenticated-plugin-settings-change-vulnerability
https://wordpress.org/plugins/59sec-lite-contact-form-7-push-notifications-on-ios-and-android/