melsorg / github-scanner-test

Dummy repository for testing the GitHub scanner

CVE-2023-22622 (Medium) detected in WordPress3.8 #157

Open mend-bolt-for-github[bot] opened 1 year ago

mend-bolt-for-github[bot] commented 1 year ago

CVE-2023-22622 - Medium Severity Vulnerability

Vulnerable Library - WordPress3.8

WordPress, Git-ified. Synced via SVN every 15 minutes, including branches and tags! This repository is just a mirror of the WordPress subversion repository. Please do not send pull requests. Submit patches to https://core.trac.wordpress.org/ instead.

Library home page: https://github.com/WordPress/WordPress.git

Found in HEAD commit: d78b9e5410cf312856c3d176abc7fe70ea70dc53

Found in base branch: master

Vulnerable Source Files (1)

/wordpress/wp-cron.php

Vulnerability Details

WordPress through 6.1.1 depends on unpredictable client visits to cause wp-cron.php execution and the resulting security updates, and the source code describes "the scenario where a site may not receive enough visits to execute scheduled tasks in a timely manner," but neither the installation guide nor the security guide mentions this default behavior, or alerts the user about security risks on installations with very few visits.

Publish Date: 2023-01-05

URL: CVE-2023-22622

CVSS 3 Score Details (5.3)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Adjacent
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High
