CVE-2022-29448 — Use of Incorrectly-Resolved Name or Reference in Herd Effects

CWE-706 — Use of Incorrectly-Resolved Name or Reference3 documents3 sources

Severity

4.9MEDIUMNVD

CNA6.8

EPSS

0.7%

top 28.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wow-company Herd Effects Wow-estore Herd Effects

Timeline

PublishedMay 20

Latest updateMay 21

Description

Authenticated (admin or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company's Herd Effects plugin <= 5.2 at WordPress.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5wow-company/herd_effects5.2

▶NVDwow-estore/herd_effects5.2

🔴Vulnerability Details

GHSA

GHSA-pq6j-c37f-96x2: Authenticated (admin or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company's Herd Effects plugin <= 5↗2022-05-21

▶

CVEList

WordPress Herd Effects plugin <= 5.2 - Local File Inclusion (LFI) vulnerability↗2022-05-20

▶