UBUNTU-CVE-2022-2839
- Source
- https://ubuntu.com/security/CVE-2022-2839
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-2839.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2022-2839
- Upstream
- Published
- 2022-10-03T14:15:00Z
- Modified
- 2026-05-20T16:08:01.434548451Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
The Zephyr Project Manager WordPress plugin before 3.2.55 does not have any authorisation as well as CSRF in all its AJAX actions, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also allow them to perform Stored Cross-Site Scripting attacks against logged in admins.
- References
Affected packages
Ubuntu:16.04:LTS
wordpress
Package
- Name
- wordpress
- Purl
- pkg:deb/ubuntu/wordpress?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
4.*
4.3+dfsg-1
4.3.1+dfsg-1
4.4+dfsg-1
4.4.1+dfsg-1
4.4.2+dfsg-1
4.4.2+dfsg-1ubuntu1
Ecosystem specific
{
"binaries": [
{
"binary_name": "wordpress",
"binary_version": "4.4.2+dfsg-1ubuntu1"
},
{
"binary_name": "wordpress-l10n",
"binary_version": "4.4.2+dfsg-1ubuntu1"
},
{
"binary_name": "wordpress-theme-twentyfifteen",
"binary_version": "4.4.2+dfsg-1ubuntu1"
},
{
"binary_name": "wordpress-theme-twentyfourteen",
"binary_version": "4.4.2+dfsg-1ubuntu1"
},
{
"binary_name": "wordpress-theme-twentysixteen",
"binary_version": "4.4.2+dfsg-1ubuntu1"
}
]
}zephyr
Package
- Name
- zephyr
- Purl
- pkg:deb/ubuntu/zephyr?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "libzephyr4",
"binary_version": "3.1.2-1build1"
},
{
"binary_name": "libzephyr4-krb5",
"binary_version": "3.1.2-1build1"
},
{
"binary_name": "zephyr-clients",
"binary_version": "3.1.2-1build1"
},
{
"binary_name": "zephyr-server",
"binary_version": "3.1.2-1build1"
},
{
"binary_name": "zephyr-server-krb5",
"binary_version": "3.1.2-1build1"
}
]
}Ubuntu:18.04:LTS
wordpress
Package
- Name
- wordpress
- Purl
- pkg:deb/ubuntu/wordpress?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
4.*
4.8.2+dfsg-2
4.8.3+dfsg-1
4.9.1+dfsg-1
4.9.2+dfsg-1
4.9.4+dfsg-1
4.9.5+dfsg1-1
Ecosystem specific
{
"binaries": [
{
"binary_name": "wordpress",
"binary_version": "4.9.5+dfsg1-1"
},
{
"binary_name": "wordpress-l10n",
"binary_version": "4.9.5+dfsg1-1"
},
{
"binary_name": "wordpress-theme-twentyfifteen",
"binary_version": "4.9.5+dfsg1-1"
},
{
"binary_name": "wordpress-theme-twentyseventeen",
"binary_version": "4.9.5+dfsg1-1"
},
{
"binary_name": "wordpress-theme-twentysixteen",
"binary_version": "4.9.5+dfsg1-1"
}
]
}zephyr
Package
- Name
- zephyr
- Purl
- pkg:deb/ubuntu/zephyr?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "libzephyr4",
"binary_version": "3.1.2-1build2"
},
{
"binary_name": "libzephyr4-krb5",
"binary_version": "3.1.2-1build2"
},
{
"binary_name": "zephyr-clients",
"binary_version": "3.1.2-1build2"
},
{
"binary_name": "zephyr-server",
"binary_version": "3.1.2-1build2"
},
{
"binary_name": "zephyr-server-krb5",
"binary_version": "3.1.2-1build2"
}
]
}Ubuntu:20.04:LTS
wordpress
Package
- Name
- wordpress
- Purl
- pkg:deb/ubuntu/wordpress?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "wordpress",
"binary_version": "5.3.2+dfsg1-1ubuntu1"
},
{
"binary_name": "wordpress-l10n",
"binary_version": "5.3.2+dfsg1-1ubuntu1"
},
{
"binary_name": "wordpress-theme-twentynineteen",
"binary_version": "5.3.2+dfsg1-1ubuntu1"
},
{
"binary_name": "wordpress-theme-twentyseventeen",
"binary_version": "5.3.2+dfsg1-1ubuntu1"
},
{
"binary_name": "wordpress-theme-twentysixteen",
"binary_version": "5.3.2+dfsg1-1ubuntu1"
}
]
}zephyr
Package
- Name
- zephyr
- Purl
- pkg:deb/ubuntu/zephyr?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "libzephyr4",
"binary_version": "3.1.2-1build3"
},
{
"binary_name": "libzephyr4-krb5",
"binary_version": "3.1.2-1build3"
},
{
"binary_name": "zephyr-clients",
"binary_version": "3.1.2-1build3"
},
{
"binary_name": "zephyr-server",
"binary_version": "3.1.2-1build3"
},
{
"binary_name": "zephyr-server-krb5",
"binary_version": "3.1.2-1build3"
}
]
}Ubuntu:22.04:LTS
wordpress
Package
- Name
- wordpress
- Purl
- pkg:deb/ubuntu/wordpress?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
5.*
5.7.1+dfsg1-2ubuntu1
5.8.1+dfsg1-2ubuntu1
5.8.2+dfsg1-1ubuntu1
5.8.3+dfsg1-1ubuntu1
5.8.3+dfsg1-1ubuntu1.1
Ecosystem specific
{
"binaries": [
{
"binary_name": "wordpress",
"binary_version": "5.8.3+dfsg1-1ubuntu1.1"
},
{
"binary_name": "wordpress-l10n",
"binary_version": "5.8.3+dfsg1-1ubuntu1.1"
},
{
"binary_name": "wordpress-theme-twentynineteen",
"binary_version": "5.8.3+dfsg1-1ubuntu1.1"
},
{
"binary_name": "wordpress-theme-twentytwenty",
"binary_version": "5.8.3+dfsg1-1ubuntu1.1"
},
{
"binary_name": "wordpress-theme-twentytwentyone",
"binary_version": "5.8.3+dfsg1-1ubuntu1.1"
}
]
}zephyr
Package
- Name
- zephyr
- Purl
- pkg:deb/ubuntu/zephyr?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "libzephyr4",
"binary_version": "3.1.2-1build3"
},
{
"binary_name": "libzephyr4-krb5",
"binary_version": "3.1.2-1build3"
},
{
"binary_name": "zephyr-clients",
"binary_version": "3.1.2-1build3"
},
{
"binary_name": "zephyr-server",
"binary_version": "3.1.2-1build3"
},
{
"binary_name": "zephyr-server-krb5",
"binary_version": "3.1.2-1build3"
}
]
}Ubuntu:24.04:LTS
wordpress
Package
- Name
- wordpress
- Purl
- pkg:deb/ubuntu/wordpress?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "wordpress",
"binary_version": "6.4.3+dfsg1-1ubuntu1"
},
{
"binary_name": "wordpress-l10n",
"binary_version": "6.4.3+dfsg1-1ubuntu1"
},
{
"binary_name": "wordpress-theme-twentytwentyfour",
"binary_version": "6.4.3+dfsg1-1ubuntu1"
},
{
"binary_name": "wordpress-theme-twentytwentythree",
"binary_version": "6.4.3+dfsg1-1ubuntu1"
},
{
"binary_name": "wordpress-theme-twentytwentytwo",
"binary_version": "6.4.3+dfsg1-1ubuntu1"
}
]
}zephyr
Package
- Name
- zephyr
- Purl
- pkg:deb/ubuntu/zephyr?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "libzephyr4",
"binary_version": "3.1.2-1.1build1"
},
{
"binary_name": "libzephyr4-krb5",
"binary_version": "3.1.2-1.1build1"
},
{
"binary_name": "zephyr-clients",
"binary_version": "3.1.2-1.1build1"
},
{
"binary_name": "zephyr-server",
"binary_version": "3.1.2-1.1build1"
},
{
"binary_name": "zephyr-server-krb5",
"binary_version": "3.1.2-1.1build1"
}
]
}Ubuntu:25.10
wordpress
Package
- Name
- wordpress
- Purl
- pkg:deb/ubuntu/wordpress?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "wordpress",
"binary_version": "6.7.2+dfsg1-1.1ubuntu1"
},
{
"binary_name": "wordpress-l10n",
"binary_version": "6.7.2+dfsg1-1.1ubuntu1"
},
{
"binary_name": "wordpress-theme-twentytwentyfive",
"binary_version": "6.7.2+dfsg1-1.1ubuntu1"
},
{
"binary_name": "wordpress-theme-twentytwentyfour",
"binary_version": "6.7.2+dfsg1-1.1ubuntu1"
},
{
"binary_name": "wordpress-theme-twentytwentythree",
"binary_version": "6.7.2+dfsg1-1.1ubuntu1"
}
]
}zephyr
Package
- Name
- zephyr
- Purl
- pkg:deb/ubuntu/zephyr?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "libzephyr4",
"binary_version": "3.1.2-1.1build1"
},
{
"binary_name": "libzephyr4-krb5",
"binary_version": "3.1.2-1.1build1"
},
{
"binary_name": "zephyr-clients",
"binary_version": "3.1.2-1.1build1"
},
{
"binary_name": "zephyr-server",
"binary_version": "3.1.2-1.1build1"
},
{
"binary_name": "zephyr-server-krb5",
"binary_version": "3.1.2-1.1build1"
}
]
}Ubuntu:26.04:LTS
wordpress
Package
- Name
- wordpress
- Purl
- pkg:deb/ubuntu/wordpress?arch=source&distro=resolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "wordpress",
"binary_version": "6.7.2+dfsg1-1.1ubuntu2"
},
{
"binary_name": "wordpress-l10n",
"binary_version": "6.7.2+dfsg1-1.1ubuntu2"
},
{
"binary_name": "wordpress-theme-twentytwentyfive",
"binary_version": "6.7.2+dfsg1-1.1ubuntu2"
},
{
"binary_name": "wordpress-theme-twentytwentyfour",
"binary_version": "6.7.2+dfsg1-1.1ubuntu2"
},
{
"binary_name": "wordpress-theme-twentytwentythree",
"binary_version": "6.7.2+dfsg1-1.1ubuntu2"
}
]
}zephyr
Package
- Name
- zephyr
- Purl
- pkg:deb/ubuntu/zephyr?arch=source&distro=resolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "libzephyr4",
"binary_version": "3.1.2-4"
},
{
"binary_name": "libzephyr4-krb5",
"binary_version": "3.1.2-4"
},
{
"binary_name": "zephyr-clients",
"binary_version": "3.1.2-4"
},
{
"binary_name": "zephyr-server",
"binary_version": "3.1.2-4"
},
{
"binary_name": "zephyr-server-krb5",
"binary_version": "3.1.2-4"
}
]
}