Vulnerabilities > CVE-2022-2933 - Unspecified vulnerability in 0MK Shortener Project 0MK Shortener 0.2

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

0mk-shortener-project

NVD

Published: 2023-02-06

Updated: 2023-11-07

Summary

The 0mk Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the zeromk_options_page function. This makes it possible for unauthenticated attackers to inject malicious web scripts via the 'zeromk_user' and 'zeromk_apikluc' parameters through a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Vulnerable Configurations

Part	Description	Count
Application	0Mk_Shortener_Project 0MK Shortener Project 0MK Shortener - 0MK Shortener Project 0MK Shortener 0.2	2

References

https://plugins.trac.wordpress.org/browser/0mk-shortener/trunk/0mk.php#L28
https://www.wordfence.com/threat-intel/vulnerabilities/id/3b798c64-3434-427d-b578-5abbdac8cd0e