CVE Vulnerability

CVE-2022-1570

The Files Download Delay WordPress plugin before 1.0.7 does not have authorisation and CSRF checks when reseting its settings, which could allow any authenticated users, such as subscriber to perform such action.

4 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

6.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://wpscan.com/vulnerability/c0257564-48ee-4d02-865f-82c8b5e793c9 Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:files_download_delay_project:files_download_delay:*:*:*:*:*:wordpress:*:*
Information

Published : 2022-06-08 10:15

Updated : 2022-06-15 02:39

NVD link : CVE-2022-1570

Mitre link : CVE-2022-1570

Products Affected
No products.
CWE
CWE-862