Vulnerability Description
The DPD Baltic Shipping WordPress plugin before 1.2.57 does not have authorisation and CSRF checks in an AJAX action, which could allow any authenticated user, such as a subscriber, to delete arbitrary options from the blog, which could make the blog unavailable.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dpdgroup | Woocommerce Shipping | <= 1.2.11 |
Related Weaknesses (CWE)
References
- https://wpscan.com/vulnerability/625ae924-68db-4579-a34f-e6f33aa33643 (Exploit, Third Party Advisory)
FAQ
What is CVE-2022-3999?
CVE-2022-3999 is a vulnerability with a CVSS score of 8.1 (HIGH). The DPD Baltic Shipping WordPress plugin before 1.2.57 does not have authorisation and CSRF checks in an AJAX action, which could allow any authenticated user, such as a subscriber, to delete arbitrary options...
How severe is CVE-2022-3999?
CVE-2022-3999 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-3999?
Check the references section above for vendor advisories and patch information. Affected products include: Dpdgroup Woocommerce Shipping.