CVE-2022-41650
Received Received - Intake
Missing Authorization in Custom Content by Country Plugin

Publication date: 2026-02-17

Last updated on: 2026-04-28

Assigner: Patchstack

Description
Missing Authorization vulnerability in Paul Custom Content by Country (by Shield Security) custom-content-by-country.This issue affects Custom Content by Country (by Shield Security): from n/a through 3.1.2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-17
Last Modified
2026-04-28
Generated
2026-06-16
AI Q&A
2026-02-17
EPSS Evaluated
2026-06-14
NVD
CVE-2022-41650
EUVD
EUVD-2022-44838
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
shield_security custom_content_by_country to 3.1.2 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2022-41650 is a broken access control vulnerability in the WordPress plugin "Custom Content by Country (by Shield Security)" versions up to and including 3.1.2.'}, {'type': 'paragraph', 'content': 'The issue arises from missing authorization, authentication, or nonce token checks within certain functions, which allows unprivileged users (such as those with Subscriber-level privileges) to perform actions that are intended only for higher-privileged users like Developers.'}, {'type': 'paragraph', 'content': 'This vulnerability falls under the OWASP Top 10 category A5: Broken Access Control and has a CVSS severity score of 6.5, indicating a moderate risk level.'}] [1]

Impact Analysis

The vulnerability allows users with low privileges to perform actions reserved for higher-privileged users, potentially leading to unauthorized changes or actions within the affected WordPress plugin.

Despite the moderate CVSS score, the impact is considered low priority and it is unlikely to be exploited in practice.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability arises from missing authorization checks in the WordPress plugin "Custom Content by Country (by Shield Security)" up to version 3.1.2, allowing unprivileged users to perform restricted actions.'}, {'type': 'paragraph', 'content': 'Detection would involve verifying if the affected plugin version is installed and checking for unauthorized actions performed by Subscriber-level users that should require higher privileges.'}, {'type': 'paragraph', 'content': 'No specific detection commands or network signatures are provided in the available resources.'}] [1]

Mitigation Strategies

[{'type': 'paragraph', 'content': 'As no official fix or patched version has been released for this vulnerability, immediate mitigation steps include restricting Subscriber-level user capabilities and monitoring for suspicious activity.'}, {'type': 'paragraph', 'content': "Using Patchstack's mitigation services may help reduce risk, although no direct patch from the plugin developers is available."}, {'type': 'paragraph', 'content': 'Consider disabling or removing the affected plugin until a fix is released to prevent exploitation.'}] [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2022-41650. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart