exploitDog

GHSA-8qv6-fpqj-69wv

Опубликовано: 23 авг. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 6.5

Описание

The Yotpo Reviews for WooCommerce WordPress plugin through 2.0.4 lacks nonce check when updating its settings, which could allow attacker to make a logged in admin change them via a CSRF attack.

The Yotpo Reviews for WooCommerce WordPress plugin through 2.0.4 lacks nonce check when updating its settings, which could allow attacker to make a logged in admin change them via a CSRF attack.

Ссылки

EPSS

Процентиль: 40%

0.00184

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2022-2555

CVSS3: 6.5

nvd

больше 3 лет назад

The Yotpo Reviews for WooCommerce WordPress plugin through 2.0.4 lacks nonce check when updating its settings, which could allow attacker to make a logged in admin change them via a CSRF attack.

EPSS

Процентиль: 40%

0.00184

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-352