Description

WordPress Plugin miniOrange Discord Integration is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently call some of the AJAX actions and disable the app for example. WordPress Plugin miniOrange Discord Integration version 2.1.5 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.1.6 or latest

References

https://sploitus.com/exploit?id=WPEX-ID:A91D0501-C2A9-4C6C-B5DA-B3FC29442A4F

https://plugins.svn.wordpress.org/miniorange-discord-integration/trunk/readme.txt

Related Vulnerabilities

WordPress Plugin DELUCKS SEO Unspecified Vulnerability (1.2.2)

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8444)

MySQL CVE-2019-2746 Vulnerability (CVE-2019-2746)

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Cross-Site Scripting (3.3.21)

WordPress Plugin Tooltipy (tooltips for WP) Multiple Vulnerabilities (5.0.2)

Severity

High

Classification

CVE-2022-3082 CWE-284 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass