CVE-2022-41781 Broken Access Control vulnerability in Permalink Manager Lite plugin <= 2.2.20 on WordPress.

The access control system in this plugin is broken. Thus, any attacker can bypass the restriction and create new pages via access_view(). This can be exploited to gain access to unauthorized content. Depending on the plugin being used, Broken Access Control vulnerability can be exploited by creating new pages, changing the access level of existing pages, bypassing the login form, etc. In case of Permalink Manager Lite, the attacker can also change the access level of directories and control what can or cannot be accessed. This can be exploited to gain access to unauthorized content. Depending on the plugin being used, Broken Access Control vulnerability can be exploited by creating new pages, changing the access level of existing pages, bypassing the login form, etc. In case of Permalink Manager Lite, the attacker can also change the access level of directories and control what can or cannot be accessed. In case of Confirium Access, Broken Access Control vulnerability can be exploited by creating new pages, changing the access level of existing pages, bypassing the login form, etc. In case of Confirium Access, Broken Access Control vulnerability can be exploited by creating new pages, changing the access level of existing pages, bypassing the login form, etc. In case of Confirium Access, Broken Access Control vulnerability can be exploited by creating new pages, changing the access level of existing pages, bypassing the login form, etc

Broken Access Control Vulnerability in Confirium

Many plugins have the same security feature that is Broken Access Control. This is a problem because any user can bypass the restriction and create new pages via access_view(). This can be exploited to gain access to unauthorized content. Depending on the plugin being used, Broken Access Control vulnerability can be exploited by creating new pages, changing the access level of existing pages, bypassing the login form, etc. In case of Confirium Access, Broken Access Control vulnerability can be exploited by creating new pages, changing the access level of existing pages, bypassing the login form, etc. In case of Confirium Access, Broken Access Control vulnerability can be exploited by creating new pages, changing the access level of existing pages, bypassing the login form, etc. In case of Confirium Access, Broken Access Control vulnerability can be exploited by creating new pages, changing the access level of existing pages, bypassing the login form, etc

Timeline

Published on: 11/18/2022 19:15:00 UTC
Last modified on: 11/21/2022 17:07:00 UTC

References