CVE-2022-33198
Published: 2022-07-21
Priority: P179
Severity: medium, CVSS 3.1 base score 5.3
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:L / A:N
Badges: ITW EXPLOIT (exploited in the wild), VulnCheck KEV
EPSS: 2.65% (83.8th percentile)
Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin <= 2.0.2 at WordPress.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| biplob_adhikari | accordions | <= 2.0.2 | — |
| oxilab | accordions | < 2.0.3 | 2.0.3 |
Detection & IOCs (extracted from the sources below)
- url: /wp-json/oxiaccordionsultimate/v1/oxi_settings
- command (POST body): rawdata=%7B%22name%22%3A%22blogname%22%2C%22value%22%3A%22{{marker}}%22%7D (URL-decoded: rawdata={"name":"blogname","value":"{{marker}}"})
- other (response marker): oxi-confirmation-success
- Detect POST requests to the plugin's REST route /wp-json/oxiaccordionsultimate/v1/oxi_settings that carry a rawdata body parameter and arrive from an anonymous client (no Authorization header, no WordPress login cookie); no authentication is required for the write.
- A successful exploitation response is HTTP 200 with the string 'oxi-confirmation-success' in the body, confirming that the WordPress option was modified.
- Confirm exploitation with a GET /wp-json request: the site index's 'name' field reflects the attacker-controlled value once the blogname option has been overwritten.
- The attack needs a single HTTP request (the Nuclei template's max-request: 1) and no authentication (PR:N), so it is trivially scriptable at scale against sites running Accordions <= 2.0.2.
- Versions up to and including 2.0.2 are affected; 2.0.3 is the fixed release (see the Affected table above).
- The exploit targets a REST API route registered by the plugin; if the REST API is disabled or the plugin is deactivated, the route is not reachable.
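The detection notes above can be turned into a log check. The script below is an added example, not code from the original page, the plugin or any of the cited advisories. It assumes a reverse-proxy or WAF log in JSON-lines form that records method, path, headers, POST body and response body (the field names src_ip, method, path, headers, body, status and response_body are this example's assumption), decodes the rawdata parameter, flags anonymous POSTs to the endpoint, checks the response for the success marker, and implements the second-stage GET /wp-json name check. The ?rest_route= path form is general WordPress REST behaviour rather than something the advisory mentions, and the list of sensitive option names is an assumption; the sample events are constructed, not captured traffic.

```python
"""Added detection example for CVE-2022-33198 (Accordions <= 2.0.2).
Not code from the page, the plugin or the cited advisories. Assumes a
proxy/WAF log in JSON-lines form with fields src_ip, method, path, headers,
body, status, response_body (field names are this example's assumption)."""
import json
from urllib.parse import parse_qs

ENDPOINT = "/wp-json/oxiaccordionsultimate/v1/oxi_settings"
REST_ROUTE = ENDPOINT[len("/wp-json"):]      # route as used with ?rest_route=
SUCCESS_MARKER = "oxi-confirmation-success"  # response body on a successful write

# Options an anonymous caller must never be able to write. The advisory only
# demonstrates blogname; the rest of this list is an assumption.
SENSITIVE_OPTIONS = {"blogname", "siteurl", "home", "admin_email",
                     "users_can_register", "default_role"}


def parse_rawdata(body):
    """Decode a form-encoded POST body and return (option name, value) from its
    rawdata JSON parameter, or None if the body does not carry one."""
    raw = parse_qs(body, keep_blank_values=True).get("rawdata")
    if not raw:
        return None
    try:
        obj = json.loads(raw[0])
    except ValueError:
        return None
    if not isinstance(obj, dict) or "name" not in obj:
        return None
    return str(obj["name"]), obj.get("value")


def targets_endpoint(path):
    """True for the pretty-permalink path and for the ?rest_route= form that
    WordPress also accepts (general WordPress behaviour, not from the advisory)."""
    path_only, _, query = path.partition("?")
    if path_only.rstrip("/") == ENDPOINT:
        return True
    route = parse_qs(query).get("rest_route", [""])[0]
    return route.rstrip("/") == REST_ROUTE


def is_unauthenticated(headers):
    """No Authorization header and no WordPress login cookie: anonymous caller."""
    h = {k.lower(): v for k, v in headers.items()}
    if "authorization" in h:
        return False
    return "wordpress_logged_in_" not in h.get("cookie", "")


def classify(event):
    """Return a finding for one request event, or None if it is not an
    options-update attempt against the vulnerable route."""
    if event.get("method", "").upper() != "POST":
        return None
    if not targets_endpoint(event.get("path", "")):
        return None
    parsed = parse_rawdata(event.get("body", ""))
    if parsed is None:
        return None
    name, value = parsed
    return {
        "src_ip": event.get("src_ip"),
        "option": name,
        "value": value,
        "unauthenticated": is_unauthenticated(event.get("headers", {})),
        "succeeded": event.get("status") == 200
        and SUCCESS_MARKER in event.get("response_body", ""),
        "sensitive_option": name in SENSITIVE_OPTIONS,
    }


def scan(lines):
    """Run classify() over JSON-lines events, skipping blank or malformed lines."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except ValueError:
            continue
        finding = classify(event)
        if finding is not None:
            findings.append(finding)
    return findings


def option_overwritten(site_index, expected):
    """Second-stage confirmation: the JSON index returned by GET /wp-json
    carries the blogname option in its 'name' field."""
    return site_index.get("name") == expected


# Constructed sample events (not captured traffic). Event 1 is the advisory's
# request shape with a marker value; event 3 is the same kind of write by a
# logged-in user via ?rest_route=, which must not be reported as unauthenticated.
SAMPLE_LOG = r'''
{"src_ip":"203.0.113.7","method":"POST","path":"/wp-json/oxiaccordionsultimate/v1/oxi_settings","headers":{"Content-Type":"application/x-www-form-urlencoded"},"body":"rawdata=%7B%22name%22%3A%22blogname%22%2C%22value%22%3A%22pwned-7f3a%22%7D","status":200,"response_body":"oxi-confirmation-success"}
{"src_ip":"198.51.100.2","method":"GET","path":"/wp-json/oxiaccordionsultimate/v1/oxi_settings","headers":{},"body":"","status":404,"response_body":""}
{"src_ip":"192.0.2.9","method":"POST","path":"/?rest_route=/oxiaccordionsultimate/v1/oxi_settings","headers":{"Cookie":"wordpress_logged_in_abc=admin%7C1700000000%7Ctoken","X-WP-Nonce":"0123456789"},"body":"rawdata=%7B%22name%22%3A%22users_can_register%22%2C%22value%22%3A%221%22%7D","status":200,"response_body":"oxi-confirmation-success"}
{"src_ip":"203.0.113.7","method":"POST","path":"/wp-json/wp/v2/posts","headers":{},"body":"title=hi","status":401,"response_body":""}
'''

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG.splitlines()):
        print(finding)
```

Run as a script it prints two findings for the embedded sample: the anonymous blogname write (unauthenticated, succeeded, sensitive option) and the authenticated users_can_register write. Ordinary access logs do not store POST bodies, so body capture at the proxy or a WAF rule is a prerequisite for the rawdata decoding; without it only the method, path and anonymous-caller parts of the check apply.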
CVSS provenance
- NVD: CVSS 3.1 base 5.3 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
- VulnCheck: 9.8 CRITICAL
The two scores differ because NVD rates the impact of an options change as a low integrity loss only (C:N/I:L/A:N), while VulnCheck, like the Nuclei template below, treats an unauthenticated arbitrary options update as critical.
GHSA
GHSA-75p7-x4r4-gq93 · unreviewed · 2022-07-22 · MEDIUM · CWE-863 (Incorrect Authorization)
Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin <= 2.0.2 at WordPress.
VulnCheck
Biplob Adhikari's Accordions plugin Unauthenticated WordPress Options Change Vulnerability · 2022 · CVSS 9.8 CRITICAL
Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin <= 2.0.2 at WordPress.
Affected: oxilab accordions
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References:
- https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/accordions-or-faqs/accordions-multiple-accordions-or-faqs-builder-202-unauthenticated-arbitrary-options-update
- https://app.crowdsec.net/cti/cve-explorer/CVE-2022-33198
No detection rules found.
Nuclei
WordPress Accordions - Unauthenticated Settings Update · nuclei · CVSS 5.3 MEDIUM (the template itself is rated severity: critical)
Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin <= 2.0.2 at WordPress.
Template (info block as indexed; the http request section is not reproduced on this page):

```yaml
id: CVE-2022-33198

info:
  name: WordPress Accordions - Unauthenticated Settings Update
  author: riteshs4hu
  severity: critical
  description: |
    Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin <= 2.0.2 at WordPress.
  impact: |
    Attackers can modify plugin options, potentially leading to site defacement, functionality disruption, or further exploitation.
  remediation: |
    Update to the latest version of the plugin where the issue is fixed.
  reference:
    - https://vdp.patchstack.com/database/wordpress/plugin/accordions-or-faqs/vulnerability/wordpress-accordions-plugin-2-0-2-una
```
No writeups or analysis indexed.
References:
- https://patchstack.com/database/vulnerability/accordions-or-faqs/wordpress-accordions-plugin-2-0-2-unauthenticated-wordpress-options-change-vulnerability
- https://wordpress.org/plugins/accordions-or-faqs/#developers