CVE-2022-41650
Missing Authorization in Custom Content by Country Plugin
Publication date: 2026-02-17
Last updated on: 2026-04-28
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| shield_security | custom_content_by_country | to 3.1.2 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2022-41650 is a broken access control vulnerability in the WordPress plugin "Custom Content by Country (by Shield Security)" versions up to and including 3.1.2.'}, {'type': 'paragraph', 'content': 'The issue arises from missing authorization, authentication, or nonce token checks within certain functions, which allows unprivileged users (such as those with Subscriber-level privileges) to perform actions that are intended only for higher-privileged users like Developers.'}, {'type': 'paragraph', 'content': 'This vulnerability falls under the OWASP Top 10 category A5: Broken Access Control and has a CVSS severity score of 6.5, indicating a moderate risk level.'}] [1]
How can this vulnerability impact me? :
The vulnerability allows users with low privileges to perform actions reserved for higher-privileged users, potentially leading to unauthorized changes or actions within the affected WordPress plugin.
Despite the moderate CVSS score, the impact is considered low priority and it is unlikely to be exploited in practice.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability arises from missing authorization checks in the WordPress plugin "Custom Content by Country (by Shield Security)" up to version 3.1.2, allowing unprivileged users to perform restricted actions.'}, {'type': 'paragraph', 'content': 'Detection would involve verifying if the affected plugin version is installed and checking for unauthorized actions performed by Subscriber-level users that should require higher privileges.'}, {'type': 'paragraph', 'content': 'No specific detection commands or network signatures are provided in the available resources.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'As no official fix or patched version has been released for this vulnerability, immediate mitigation steps include restricting Subscriber-level user capabilities and monitoring for suspicious activity.'}, {'type': 'paragraph', 'content': "Using Patchstack's mitigation services may help reduce risk, although no direct patch from the plugin developers is available."}, {'type': 'paragraph', 'content': 'Consider disabling or removing the affected plugin until a fix is released to prevent exploitation.'}] [1]