Vulnerabilities > CVE-2022-1572 - Missing Authorization vulnerability in Html2Wp Project Html2Wp

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

html2wp-project

CWE-862

NVD

Published: 2022-06-27

Updated: 2024-11-21

Summary

The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks in an AJAX action, available to any authenticated users such as subscriber, which could allow them to delete arbitrary file

Vulnerable Configurations

Part	Description	Count
Application	Html2Wp_Project Html2Wp Project Html2Wp *	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://wpscan.com/vulnerability/9afd1805-d449-4551-986a-f92cb47c95c5
https://wpscan.com/vulnerability/9afd1805-d449-4551-986a-f92cb47c95c5