CVE-2022-38057 - Vulnerability Details - OpenCVE

Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through 1.2.1.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Themehunk	Advanced Wordpress Search Th Advance Product Search

Configuration 1 [-]

cpe:2.3:a:themehunk:th_advance_product_search:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://patchstack.com/database/vulnerability/th-advance-product-search/wordpress-th-advance-product-search-plugin-1-1-4-unauthenticated-plugin-settings-reset-vulnerability?_s_id=cve

History

Mon, 30 Jun 2025 19:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Themehunk th Advance Product Search
CPEs		cpe:2.3:a:themehunk:th_advance_product_search::::::wordpress::*
Vendors & Products		Themehunk th Advance Product Search

Thu, 10 Apr 2025 19:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Themehunk Themehunk advanced Wordpress Search
CPEs		cpe:2.3:a:themehunk:advanced_wordpress_search:-:::::::*
Vendors & Products		Themehunk Themehunk advanced Wordpress Search
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2024-03-25T11:36:57.616Z

Updated: 2025-04-10T18:30:53.173Z

Reserved: 2022-09-27T08:41:16.457Z

Link: CVE-2022-38057

Vulnrichment

Updated: 2024-08-03T10:45:52.560Z

NVD

Status : Analyzed

Published: 2024-03-25T12:15:08.010

Modified: 2025-06-30T18:51:07.507

Link: CVE-2022-38057

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-38057", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2022-09-27T08:41:16.457Z", "datePublished": "2024-03-25T11:36:57.616Z", "dateUpdated": "2025-04-10T18:30:53.173Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "th-advance-product-search", "product": "Advance WordPress Search Plugin", "vendor": "ThemeHunk", "versions": [{"lessThanOrEqual": "1.2.1", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Rasi Afeef (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.<p>This issue affects Advance WordPress Search Plugin: from n/a through 1.2.1.</p>"}], "value": "Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through 1.2.1.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-03-25T11:36:57.616Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/th-advance-product-search/wordpress-th-advance-product-search-plugin-1-1-4-unauthenticated-plugin-settings-reset-vulnerability?_s_id=cve"}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress TH Advance Product Search plugin <= 1.2.1 - Unauthenticated Plugin Settings Reset vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-306", "lang": "en", "description": "CWE-306 Missing Authentication for Critical Function"}]}], "affected": [{"vendor": "themehunk", "product": "advanced_wordpress_search", "cpes": ["cpe:2.3:a:themehunk:advanced_wordpress_search:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.2.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-03-26T19:23:48.899432Z", "id": "CVE-2022-38057", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-10T18:30:53.173Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:45:52.560Z"}, "title": "CVE Program Container", "references": [{"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/th-advance-product-search/wordpress-th-advance-product-search-plugin-1-1-4-unauthenticated-plugin-settings-reset-vulnerability?_s_id=cve"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://patchstack.com/database/vulnerability/th-advance-product-search/wordpress-th-advance-product-search-plugin-1-1-4-unauthenticated-plugin-settings-reset-vulnerability?_s_id=cve", "tags": ["vdb-entry", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:45:52.560Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-38057", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-26T19:23:48.899432Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:themehunk:advanced_wordpress_search:-:*:*:*:*:*:*:*"], "vendor": "themehunk", "product": "advanced_wordpress_search", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.2.1"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-16T18:00:46.831Z"}}], "cna": {"title": "WordPress TH Advance Product Search plugin <= 1.2.1 - Unauthenticated Plugin Settings Reset vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Rasi Afeef (Patchstack Alliance)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ThemeHunk", "product": "Advance WordPress Search Plugin", "versions": [{"status": "affected", "version": "n/a", "versionType": "custom", "lessThanOrEqual": "1.2.1"}], "packageName": "th-advance-product-search", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "references": [{"url": "https://patchstack.com/database/vulnerability/th-advance-product-search/wordpress-th-advance-product-search-plugin-1-1-4-unauthenticated-plugin-settings-reset-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through 1.2.1.\n\n", "supportingMedia": [{"type": "text/html", "value": "Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.<p>This issue affects Advance WordPress Search Plugin: from n/a through 1.2.1.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-03-25T11:36:57.616Z"}}}, "cveMetadata": {"cveId": "CVE-2022-38057", "state": "PUBLISHED", "dateUpdated": "2025-04-10T18:30:53.173Z", "dateReserved": "2022-09-27T08:41:16.457Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2024-03-25T11:36:57.616Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:themehunk:th_advance_product_search:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "EBD19186-231F-4754-BF68-F8FC8039C64E", "versionEndExcluding": "1.2.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through 1.2.1.\n\n"}, {"lang": "es", "value": "Vulnerabilidad de autorizaci\u00f3n faltante en ThemeHunk Advance WordPress Search Plugin. Este problema afecta a Advance WordPress Search Plugin: desde n/a hasta 1.2.1."}], "id": "CVE-2022-38057", "lastModified": "2025-06-30T18:51:07.507", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}]}, "published": "2024-03-25T12:15:08.010", "references": [{"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/th-advance-product-search/wordpress-th-advance-product-search-plugin-1-1-4-unauthenticated-plugin-settings-reset-vulnerability?_s_id=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/th-advance-product-search/wordpress-th-advance-product-search-plugin-1-1-4-unauthenticated-plugin-settings-reset-vulnerability?_s_id=cve"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "[email protected]", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-306"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}