SB2022102723 - Multiple vulnerabilities in Traffic Manager plugin for WordPress
Published: October 27, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Improper access control (CVE-ID: CVE-2022-41695)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote user can bypass implemented security restrictions and gain unauthorized access to the application.
2) Improper access control (CVE-ID: CVE-2022-42460)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote user can bypass implemented security restrictions, leading to stored cross-site scripting (XSS).
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
References
- https://patchstack.com/database/vulnerability/traffic-manager/wordpress-traffic-manager-plugin-1-4-5-multiple-vulnerabilities
- https://patchstack.com/database/vulnerability/traffic-manager/wordpress-traffic-manager-plugin-1-4-5-broken-access-control-vulnerability-leading-to-stored-cross-site-scripting-xss