Description

WordPress Plugin miniOrange Discord Integration is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently call some of the AJAX actions and disable the app for example. WordPress Plugin miniOrange Discord Integration version 2.1.5 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.1.6 or latest

References

https://sploitus.com/exploit?id=WPEX-ID:A91D0501-C2A9-4C6C-B5DA-B3FC29442A4F

https://plugins.svn.wordpress.org/miniorange-discord-integration/trunk/readme.txt

Related Vulnerabilities

WordPress Plugin Better User Shortcodes Multiple Cross-Site Scripting Vulnerabilities (1.0)

WordPress Plugin GS Logo Slider-Ticker, Grid, List, Table & Filter Views Unspecified Vulnerability (3.3.8)

WordPress Plugin YITH WooCommerce Multi Vendor Cross-Site Scripting (3.8.0)

WordPress Plugin Facebook for WordPress Cross-Site Request Forgery (3.0.3)

WordPress Plugin All-in-One Event Calendar Multiple Vulnerabilities (2.3.12)

Severity

High

Classification

CVE-2022-3082 CWE-284 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Tags

Missing Update Authentication Bypass