WordPress Plugin Vulnerabilities

Permalink Manager Lite < 2.2.20.1 - Unauthenticated URI Deletion

Description

The plugin does not have authorisation checks when deleting URI, which could allow unauthenticated attackers to delete them

Affects Plugins

Plugin icon
permalink-manager
Fixed in 2.2.20.1

References

CVE
CVE-2022-41781

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
6.5 (medium)

Miscellaneous

Original Researcher
Tien Nguyen Anh
Verified
No
WPVDB ID
89d1be12-21f4-4fba-a7f4-482928797d66

Timeline

Publicly Published
2022-11-01 (about 1 years ago)
Added
2022-11-20 (about 1 years ago)
Last Updated
2022-11-20 (about 1 years ago)

Other

Published
Title
Published
2024-02-06
Title
Quiz Maker < 6.5.2.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Quiz Creation & Modification
Published
2024-03-19
Title
Advanced Classifieds & Directory Pro < 3.1.2 - Missing Authorization to Arbitrary Attachment Deletion
Published
2023-03-15
Title
WP Email Capture < 3.11 - Unauthenticated Email Capture Download
Published
2023-09-05
Title
Email posts to subscribers <= 6.2 - Missing Authorization to Sensitive Information Exposure
Published
2024-03-13
Title
Accordion < 2.2.97 - Missing Authorization to Authenticated(Contributor+) Post Duplication