CVE-2022-4426

EUVD-2022-51771
The Mautic Integration for WooCommerce WordPress plugin before 1.0.3 does not have proper CSRF check when updating settings, and does not ensure that the options to be updated belong to the plugin, allowing attackers to make a logged in admin change arbitrary blog options via a CSRF attack.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CISA-ADPADP
4.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
Affected Products (NVD)
VendorProductVersion
wpswingsmautic_integration_for_woocommerce
𝑥
< 1.0.3
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/7d3d6b9c-d1c1-4e23-b891-7c72e4e89c38
https://wpscan.com/vulnerability/7d3d6b9c-d1c1-4e23-b891-7c72e4e89c38