CVE-2022-0188
Published 2022-02-14
CVE-2022-0188: The CMP WordPress plugin before 4.0.19 allows any user, even not logged in, to arbitrarily change the coming soon page layout.
Priority P338 · medium · 5.3 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EXPLOIT
EPSS 2.38% · 81.8th percentile
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| niteothemes | cmp | < 4.0.19 | 4.0.19 |
CVSS provenance
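| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| cisa | | 7.8 | HIGH | |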
GHSA
GHSA-3rrw-2rpr-xr39: The CMP WordPress plugin before 4
ghsa_unreviewed·2022-02-15
CVE-2022-0188 [MEDIUM] CWE-306 GHSA-3rrw-2rpr-xr39: The CMP WordPress plugin before 4
The CMP WordPress plugin before 4.0.19 allows any user, even if not logged in, to arbitrarily change the coming soon page layout.
CISA
Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability
cisa·2022-03-03·CVSS 7.8
CVE-2010-0188 [HIGH] CWE-94 Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability
Vulnerability: Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability
Affected: Adobe Reader and Acrobat
Unspecified vulnerability in Adobe Reader and Acrobat allows attackers to cause a denial of service or possibly execute arbitrary code.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2010-0188
Remediation Due Date: 2022-03-24
No detection rules found.
Nuclei
CMP WordPress < 4.0.19 - Broken Access Control
nuclei·CVSS 5.3
CVE-2022-0188 [MEDIUM] CMP WordPress < 4.0.19 - Broken Access Control
CMP WordPress plugin < 4.0.19 contains an arbitrary page layout change caused by insufficient access control in the coming soon page feature, letting unauthenticated users modify the layout; exploitation requires no authentication.
Template:
```yaml
id: CVE-2022-0188
info:
  name: CMP WordPress < 4.0.19 - Broken Access Control
  author: pussycat0x
  severity: medium
  description: |
    CMP WordPress plugin < 4.0.19 contains an arbitrary page layout change caused by insufficient access control in the coming soon page feature, letting unauthenticated users modify the layout, exploit requires no authentication.
  reference:
    - https://wpscan.com/vulnerability/50b6f770-6f53-41ef-b2f3-2a58e9afd332/
  impact:
    Unauthenticated users can alter the coming soon page layout, pote
```
No writeups or analysis indexed.
Published: 2022-02-14