CVE-2022-4872

MEDIUM

Chained Products < 2.12.0 - Unauthenticated Missing Authorization

Title source: llm
STIX 2.1

Description

The Chained Products WordPress plugin before 2.12.0 does not have authorisation and CSRF checks, as well as does not ensure that the option to be updated belong to the plugin, allowing unauthenticated attackers to set arbitrary options to 'no'

References (1)

Core 1
Core References
Exploit, Third Party Advisory exploit vdb-entry technical-description
https://wpscan.com/vulnerability/c76a1c0b-8a5b-4639-85b6-9eebc63c3aa6

Scores

CVSS v3 4.3
EPSS 0.0028
EPSS Percentile 20.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-352 CWE-862
Status published
Products (1)
chained_products_project/chained_products < 2.12.0
Published Jan 30, 2023
Tracked Since Feb 18, 2026