The miniOrange Discord Integration WordPress plugin before 2.1.6 does not have authorisation and CSRF in some of its AJAX actions, allowing any logged in users, such as subscriber to call them, and disable the app for example
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2022-10-17T00:00:00
Updated: 2024-08-03T01:00:10.268Z
Reserved: 2022-09-01T00:00:00
Link: CVE-2022-3082
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-10-17T12:15:10.040
Modified: 2024-11-21T07:18:47.120
Link: CVE-2022-3082
Redhat
No data.