This issue can be exploited remotely via password authentication, by sending a request with a modified `User` field.

CVSS 3.0 Base Score 5.9 (Availability impacts). Vendor report for this CVE says: “CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H”. CVSS v2.0 Base Score 5.8. CVSS v1.0 Base Score 5.9. Exploitability index: 5.9.

Weaknesses:

The vulnerable endpoint is an HTTP server running on the host.
This vulnerability could be exploited with a crafted request. NOTE: This is a platform issue, not a user or client-side issue.
The vendor has released a patch to address this issue.

Remote code execution

This is a remote code execution vulnerability which can be exploited via password authentication.

CVE-2022-21245

Vulnerability details

CVE-2022-21245 is a vulnerability in WordPress that can be exploited remotely via password authentication by sending a request with a modified `User` field.
This vulnerability could allow attackers to gain access to the site, as attackers can send requests with a user field set to something other than an administrator’s username to view restricted content. The WordPress team says this issue is not as critical as some others because it only affects authenticated admin users and “isn't likely exploitable by default”.

Exploitation of CVE-2018-1240 and CVE-2019-0648 is required due to the way they are designed

CVE-2019-0648 is exploitable via a parameter value of “/”, which is not properly sanitised, leading to an information disclosure.

Statistics

CVSS Base Score: 5.9
CVSS Vector: 5.9
Affected Vendors:
CVE ID: CVE-2022-21245

Timeline

Published on: 01/19/2022 12:15:00 UTC
Last modified on: 04/19/2022 04:13:00 UTC

References