CVE-2022-3930 — Vulnetix

CVE-2022-3930 PUBLISHED CVSS 6.5 MEDIUM

The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR vulnerability which an attacker can exploit to change the password of arbitrary users instead of his own.

EPSS 0.32% · 55.4th percentile

Risk Scores

CVSS 3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS Score

0.32%

55.4th percentile

Affected Products

Vendor	Product	Versions
Unknown	Directorist	0
wpwax	directorist	0

Exploit Intelligence

https://wpscan.com/vulnerability/8728d02a-51db-4447-a843-0264b6ceb413 (cve.org)

Timeline

Dec 12, 2022 CVE Published
Dec 13, 2022 EPSS Score
Jan 24, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 18, 2023 EPSS Score
May 29, 2023 EPSS Score
Aug 21, 2023 EPSS Score
Oct 2, 2023 EPSS Score
Nov 13, 2023 EPSS Score
Dec 25, 2023 EPSS Score
Feb 5, 2024 EPSS Score
Mar 17, 2024 EPSS Score

References

https://wpscan.com/vulnerability/8728d02a-51db-4447-a843-0264b6ceb413 exploit
https://nvd.nist.gov/vuln/detail/CVE-2022-3930 advisory

Open in Interactive Console →