CVE-2022-4555
WP Shamsi <= 4.1.0 - Missing Authorization to Arbitrary Plugin Deactivation
CVSS Score
6.5
EPSS Score
0.0%
EPSS Percentile
0th
The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deactivate() function hooked via init() in versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to deactivate arbitrary plugins on the site. This can be used to deactivate security plugins that aids in exploiting other vulnerabilities.
| CWE | CWE-862 |
| Vendor | wpvar |
| Product | wp shamsi – افزونه تاریخ شمسی و فارسی ساز وردپرس |
| Published | Dec 16, 2022 |
| Last Updated | Apr 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for wpvar wp shamsi – افزونه تاریخ شمسی و فارسی ساز وردپرس
Be the first to know when new medium vulnerabilities affecting wpvar wp shamsi – افزونه تاریخ شمسی و فارسی ساز وردپرس are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
wpvar / WP Shamsi – افزونه تاریخ شمسی و فارسی ساز وردپرس
0 ≤ 4.1.0
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/7b498c5a-9fd1-43b8-b456-f6cec65d5077?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2645044%40wp-shamsi&new=2645044%40wp-shamsi&sfp_email=&sfph_mail= wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/7b498c5a-9fd1-43b8-b456-f6cec65d5077
Credits
Chloe Chamberland