CVE-2022-34487
Published 2022-07-21
CVE-2022-34487: Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin <= 3.0.2 at WordPress.
Priority: P2 (79) · CVSS 3.1: 5.3 medium
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 2.65% (83.8th percentile)
Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin <= 3.0.2 at WordPress.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| biplob018 | shortcode_addons | <= 3.0.2 | — |
| oxilab | shortcode_addons | < 3.0.3 | 3.0.3 |
Detection & IOCs (extracted from sources)
- Detect unauthenticated POST requests to the vulnerable REST API endpoint /wp-json/ShortCodeAddonsUltimate/v2/addons_settings with a rawdata body parameter containing JSON option name/value pairs.
- A successful exploitation response contains the string 'oxi-confirmation-success' in the HTTP response body with a 200 status code.
- The exploit payload encodes JSON as URL-encoded rawdata, targeting the 'blogname' WordPress option to confirm arbitrary option write capability: rawdata={"name":"blogname","value":"<attacker_value>"}
- Two-step exploitation: first POST to the REST endpoint to overwrite an option, then GET / to verify the modified value appears in the homepage body alongside '/wp-' strings.
- Content-Type header used in the exploit request is application/x-www-form-urlencoded; monitor for unauthenticated requests with this content type to the ShortCodeAddons REST namespace.
- The vulnerability affects Shortcode Addons plugin versions <= 3.0.2 only; version 3.0.3 and above contain the fix.
- No authentication is required to exploit this endpoint; the attack is fully unauthenticated (PR:N, UI:N in CVSS), meaning WAF/IDS rules should not assume session tokens will be present in malicious requests.
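As an added detection example (not code from the page's sources or from the plugin), the IOCs above turned into a small checker over constructed reverse-proxy log records. It assumes the log keeps the request body and the response body, and uses the WordPress login cookie prefix and the X-WP-Nonce header as a heuristic for an authenticated caller.

```python
import json
from urllib.parse import parse_qs
# Indicators taken from the Detection & IOCs list above.
VULN_PATH = "/wp-json/ShortCodeAddonsUltimate/v2/addons_settings"
SUCCESS_MARKER = "oxi-confirmation-success"

# Constructed sample records (not a real capture), shaped like a proxy/WAF log that keeps bodies.
SAMPLE_LOG = [
    {"client": "203.0.113.10", "method": "POST", "path": VULN_PATH,
     "headers": {"Content-Type": "application/x-www-form-urlencoded"},
     "body": "rawdata=%7B%22name%22%3A%22blogname%22%2C%22value%22%3A%22test%22%7D",
     "status": 200, "response_body": '{"message":"oxi-confirmation-success"}'},
    {"client": "198.51.100.7", "method": "POST", "path": VULN_PATH,   # logged-in editor
     "headers": {"Cookie": "wordpress_logged_in_1a2b=editor%7Ctoken", "X-WP-Nonce": "abcd1234"},
     "body": "rawdata=%7B%22name%22%3A%22oxi_setting%22%2C%22value%22%3A%221%22%7D",
     "status": 200, "response_body": '{"message":"oxi-confirmation-success"}'},
]

def is_authenticated(headers):
    """Heuristic (assumption): a WordPress login cookie or REST nonce header marks a logged-in caller."""
    h = {k.lower(): v for k, v in headers.items()}
    return "x-wp-nonce" in h or "wordpress_logged_in_" in h.get("cookie", "")

def parse_rawdata(body):
    """Decode the form-urlencoded rawdata parameter as a JSON object, else None."""
    raw = parse_qs(body).get("rawdata")
    try:
        data = json.loads(raw[0]) if raw else None
    except json.JSONDecodeError:
        return None
    return data if isinstance(data, dict) else None

def classify(rec):
    """Return a finding for an unauthenticated option write, or None if the record is benign."""
    if rec.get("method") != "POST" or rec.get("path", "").split("?", 1)[0] != VULN_PATH:
        return None
    if is_authenticated(rec.get("headers", {})):
        return None
    data = parse_rawdata(rec.get("body", ""))
    if data is None or "name" not in data:
        return None
    # A 200 response carrying the success marker means the option write went through.
    succeeded = rec.get("status") == 200 and SUCCESS_MARKER in rec.get("response_body", "")
    return {"client": rec.get("client"), "option": data["name"], "succeeded": succeeded}

def scan(records):
    """Run classify() over every record and collect the findings."""
    return [f for f in map(classify, records) if f]
```

Running `scan(SAMPLE_LOG)` flags only the first record, reporting the overwritten option name and whether the success marker confirmed the write.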
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| NVD (v3.1) | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
| VulnCheck | 9.8 | CRITICAL | — |
GHSA
GHSA-2pxw-qgwm-32jg: Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin <= 3
ghsa_unreviewed · 2022-07-22 · CVE-2022-34487 [MEDIUM] · CWE-863
Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin <= 3.0.2 at WordPress.
VulnCheck
Oxilab Shortcode Addons Plugin Arbitrary Option Update Vulnerability
vulncheck · 2022 · CVSS 9.8 · CVE-2022-34487 [CRITICAL]
Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin <= 3.0.2 at WordPress.
Affected: oxilab Shortcode Addons Plugin
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://patchstack.com/database/vulnerability/shortcode-addons/wordpress-shortcode-addons-plugin-3-0-3-unauthenticated-arbitrary-option-update-vulnerability
No detection rules found.
Nuclei
ShortCode Addons - Unauthenticated Options Update
nuclei · CVSS 5.3 · CVE-2022-34487 [MEDIUM]
WordPress plugin Shortcode Addons <= 3.0.2 contains an unauthenticated arbitrary option update caused by insufficient access controls in the plugin, letting attackers modify options without authentication.
Template:

```yaml
id: CVE-2022-34487

info:
  name: ShortCode Addons - Unauthenticated Options Update
  author: Sourabh-Sahu
  severity: critical
  description: |
    WordPress plugin Shortcode Addons <= 3.0.2 contains an unauthenticated arbitrary option update caused by insufficient access controls in the plugin, letting attackers modify options without authentication.
  impact: |
    Attackers can modify plugin options arbitrarily, potentially leading to site defacement, data tampering, or further exploitation.
  remediation: |
    Update to the latest version of S
```
No writeups or analysis indexed.
References:
- https://patchstack.com/database/vulnerability/shortcode-addons/wordpress-shortcode-addons-plugin-3-0-3-unauthenticated-arbitrary-option-update-vulnerability
- https://wordpress.org/plugins/shortcode-addons/#developers