CVE-2022-3082

MEDIUM

miniOrange Discord Integration <2.1.6 - CSRF

Title source: llm
STIX 2.1

Description

The miniOrange Discord Integration WordPress plugin before 2.1.6 does not have authorisation and CSRF in some of its AJAX actions, allowing any logged in users, such as subscriber to call them, and disable the app for example

References (1)

Core 1
Core References
Exploit, Third Party Advisory exploit vdb-entry technical-description
https://wpscan.com/vulnerability/a91d0501-c2a9-4c6c-b5da-b3fc29442a4f

Scores

CVSS v3 6.5
EPSS 0.0041
EPSS Percentile 33.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-352 CWE-862
Status published
Products (1)
miniorange/discord_integration < 2.1.6
Published Oct 17, 2022
Tracked Since Feb 18, 2026