Headline
CVE-2022-41781: WordPress Permalink Manager Lite plugin <= 2.2.20 - Broken Access Control vulnerability - Patchstack
Broken Access Control vulnerability in Permalink Manager Lite plugin <= 2.2.20 on WordPress.
Verified
Fixed
6.5
CVSS 3.1 score Medium severity
Report
Monitoring Not reported to be exploited
Vulnerable versions
<= 2.2.20
PSID
1241896e536d
Classification
Other Vulnerability Type
OWASP Top 10
A5: Broken Access Control
Required privilege
Can be exploited remotely without any authentication.
Publicly disclosed
2022-11-01
Details
Broken Access Control vulnerability discovered by Nguyen Anh Tien (Patchstack Alliance) in the WordPress Permalink Manager Lite plugin (versions <= 2.2.20).
Solution
Update the WordPress Permalink Manager Lite plugin to the latest available version (at least 2.2.20.1).
References