CVE-2022-33198
Published: 21 July 2022
Summary
CVE-2022-33198 is a critical-severity vulnerability, with an unspecified weakness type, in Oxilab Accordions. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 2.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2022-33198 is an unauthenticated WordPress options change vulnerability affecting Biplob Adhikari's Accordions plugin at version 2.0.2 and earlier. The flaw carries a CVSS 3.1 score of 9.8 and is associated with CWE-264, allowing modification of site configuration settings without any access controls.
An attacker with no credentials or user interaction can send crafted requests over the network to alter WordPress options, resulting in full compromise of confidentiality, integrity, and availability on the affected site.
Advisories published by Patchstack and the WordPress plugin repository identify the issue in the listed versions and direct administrators to obtain corrected releases through the official plugin directory.
The EPSS score peaked at 0.4813; its current value is 0.3676.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-36242
Vulnerability details
Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin <= 2.0.2 at WordPress.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.