Description

WordPress Plugin miniOrange Discord Integration is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently call some of the AJAX actions and disable the app for example. WordPress Plugin miniOrange Discord Integration version 2.1.5 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.1.6 or latest

References

https://sploitus.com/exploit?id=WPEX-ID:A91D0501-C2A9-4C6C-B5DA-B3FC29442A4F

https://plugins.svn.wordpress.org/miniorange-discord-integration/trunk/readme.txt

Related Vulnerabilities

WordPress Plugin GEO Redirector Cross-Site Scripting (1.0.1)

PHP Use of Externally-Controlled Format String Vulnerability (CVE-2006-0200)

RubyGems Improper Verification of Cryptographic Signature Vulnerability (CVE-2018-1000076)

WordPress Plugin GdeSlon Affiliate Shop Open Redirect (2.0)

WordPress Plugin Another WordPress Classifieds Multiple Vulnerabilities (2.2.1)

Severity

High

Classification

CVE-2022-3082 CWE-284 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass