CVE-2022-33198

Critical

Published: 21 July 2022

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.3676 (97.2th percentile)
Risk Priority: 42 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-33198 is a critical-severity vulnerability of an unspecified weakness type in Oxilab Accordions. Its CVSS base score is 9.8 (Critical).

Operationally, it is ranked in the top 2.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2022-33198 is an unauthenticated WordPress options change vulnerability affecting Biplob Adhikari's Accordions plugin at version 2.0.2 and earlier. The flaw carries a CVSS 3.1 score of 9.8 and is associated with CWE-264, allowing modification of site configuration settings without any access controls.

An attacker with no credentials or user interaction can send crafted requests over the network to alter WordPress options, resulting in full compromise of confidentiality, integrity, and availability on the affected site.

Advisories published by Patchstack and the WordPress plugin repository identify the issue in the listed versions and direct administrators to obtain corrected releases through the official plugin directory.

The EPSS score reached a peak of 0.4813 with a current value of 0.3676.

Vulnerability details

Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin <= 2.0.2 at WordPress.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

oxilab accordions ≤ 2.0.3

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
