First published: Mon Aug 01 2022(Updated: )
The CAPTCHA 4WP WordPress plugin before 7.1.0 lets user input reach a sensitive require_once call in one of its admin-side templates. This can be abused by attackers, via a Cross-Site Request Forgery attack to run arbitrary code on the server.
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Wpwhitesecurity Captcha 4wp | <7.1.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-2184 is a vulnerability in the CAPTCHA 4WP WordPress plugin before version 7.1.0 that allows user input to reach a sensitive require_once call in one of its admin-side templates, which can be exploited to run arbitrary code on the server.
The CAPTCHA 4WP WordPress plugin before version 7.1.0 does not properly handle user input, allowing it to reach a sensitive require_once call in one of its admin-side templates.
CVE-2022-2184 has a severity rating of 8.8 (high severity) and can be abused by attackers, via a Cross-Site Request Forgery attack, to run arbitrary code on the server.
An attacker can exploit CVE-2022-2184 by performing a Cross-Site Request Forgery attack and utilizing the vulnerability in the CAPTCHA 4WP WordPress plugin before version 7.1.0 to run arbitrary code on the server.
Yes, a fix for CVE-2022-2184 is available in version 7.1.0 of the CAPTCHA 4WP WordPress plugin. It is recommended to update to this version to mitigate the vulnerability.