CVE-2022-47176

4.3 MEDIUM

📋 TL;DR

CVE-2022-47176 is a missing authorization vulnerability in the Depicter Slider WordPress plugin: plugin functionality that should be restricted to privileged users is not protected by proper access-control checks, so attackers can reach it without the required permissions. It affects WordPress sites running Depicter Slider versions up to and including 1.9.0.

💻 Affected Systems

Products:
  • Depicter Slider and Popup by Averta
Versions: n/a through 1.9.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects WordPress installations with the Depicter plugin enabled.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could modify slider content, inject malicious code, or access administrative functions depending on plugin configuration.

🟠 Likely Case

Unauthorized users could modify slider settings or content without proper authentication.

🟢 If Mitigated

With proper access controls and authentication, impact is limited to authorized users only.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Missing authorization vulnerabilities typically require minimal technical skill to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.9.1 or later

Vendor Advisory: https://patchstack.com/database/wordpress/plugin/depicter/vulnerability/wordpress-depicter-slider-plugin-1-7-3-broken-access-control-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into WordPress admin panel
2. Navigate to Plugins → Installed Plugins
3. Find Depicter Slider
4. Click 'Update Now' if available
5. If no update appears, download version 1.9.1+ from WordPress.org
6. Deactivate, delete old version, upload and activate new version

🔧 Temporary Workarounds

Disable Plugin (applies to: all)

Temporarily disable the Depicter Slider plugin until patched:

wp plugin deactivate depicter

Restrict Access (applies to: all)

Implement IP-based restrictions or web application firewall rules

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can access the WordPress admin interface
  • Deploy a web application firewall with rules to detect and block unauthorized access attempts to plugin endpoints

🔍 How to Verify

Check if Vulnerable:

Check the installed version under WordPress admin panel → Plugins → Depicter Slider. If the version is 1.9.0 or earlier, the site is vulnerable.

Check Version:

wp plugin get depicter --field=version

Verify Fix Applied:

Verify plugin version is 1.9.1 or later in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /wp-admin/admin-ajax.php with depicter-related actions
  • Unauthorized users accessing plugin administration endpoints

Network Indicators:

  • HTTP requests to /wp-admin/admin-ajax.php with action parameters containing 'depicter' from unauthorized IPs

SIEM Query:

source="wordpress.log" AND (uri_path="/wp-admin/admin-ajax.php" AND action="*depicter*") AND user="anonymous"
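The SIEM query above expresses the detection idea at a high level; the script below, an added example that is not part of the advisory, applies the same three conditions (admin-ajax.php path, an action mentioning depicter, no authenticated user) to a constructed JSON log sample. The field names ts, src, method, uri, user and status are an assumed log schema, and the action values are invented, not real Depicter actions.

```python
import json
from urllib.parse import urlsplit, parse_qs

AJAX_PATH = "/wp-admin/admin-ajax.php"
UNAUTHENTICATED = {"", "anonymous", "-"}

# Constructed sample events, one JSON object per line (assumed schema).
SAMPLE_LOG = """\
{"ts":"2023-01-10T09:12:01Z","src":"203.0.113.5","method":"POST","uri":"/wp-admin/admin-ajax.php?action=depicter_example_save","user":"anonymous","status":200}
{"ts":"2023-01-10T09:12:07Z","src":"198.51.100.20","method":"POST","uri":"/wp-admin/admin-ajax.php?action=depicter_example_save","user":"editor1","status":200}
{"ts":"2023-01-10T09:13:44Z","src":"203.0.113.5","method":"GET","uri":"/wp-admin/admin-ajax.php?action=heartbeat","user":"anonymous","status":200}
{"ts":"2023-01-10T09:14:02Z","src":"203.0.113.9","method":"POST","uri":"/wp-admin/admin-ajax.php?action=Depicter_Example_Delete","user":"","status":403}
{"ts":"2023-01-10T09:15:30Z","src":"203.0.113.9","method":"GET","uri":"/wp-content/plugins/depicter/assets/app.js","user":"","status":200}
"""

def depicter_actions(uri):
    """Return the admin-ajax 'action' values in a URI that mention depicter."""
    parts = urlsplit(uri)
    if parts.path != AJAX_PATH:
        return []
    actions = parse_qs(parts.query).get("action", [])
    return [a for a in actions if "depicter" in a.lower()]

def flag_events(log_text):
    """Flag admin-ajax calls carrying a depicter action from an unauthenticated user.

    An action sent only in a POST body is invisible unless the log records the
    body; this check looks at the request URI alone.
    """
    flagged = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        actions = depicter_actions(ev.get("uri", ""))
        if actions and (ev.get("user") or "") in UNAUTHENTICATED:
            flagged.append({"ts": ev["ts"], "src": ev["src"],
                            "action": actions[0], "status": ev.get("status")})
    return flagged

def by_source(flagged):
    """Count flagged events per source IP to prioritise blocking or triage."""
    counts = {}
    for ev in flagged:
        counts[ev["src"]] = counts.get(ev["src"], 0) + 1
    return counts

if __name__ == "__main__":
    hits = flag_events(SAMPLE_LOG)
    for h in hits:
        print(f"{h['ts']} {h['src']} action={h['action']} status={h['status']}")
    print(by_source(hits))
```

A flagged event with status 200 means the unauthenticated call was served and deserves investigation; a 403 indicates the request was refused (for example by a WAF rule or the patched plugin) and mainly shows that someone is probing.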

🔗 References