← Back to CVEs
CVE-2022-3082
MEDIUM6.5
Description
The miniOrange Discord Integration WordPress plugin before 2.1.6 does not have authorisation and CSRF in some of its AJAX actions, allowing any logged in users, such as subscriber to call them, and disable the app for example
CVE Details
CVSS v3.1 Score6.5
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published10/17/2022
Last Modified5/13/2025
Sourcenvd
Honeypot Sightings0
Affected Products
miniorange:discord_integration
Weaknesses (CWE)
CWE-352CWE-862
References
https://wpscan.com/vulnerability/a91d0501-c2a9-4c6c-b5da-b3fc29442a4f(contact@wpscan.com)
https://wpscan.com/vulnerability/a91d0501-c2a9-4c6c-b5da-b3fc29442a4f(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.