GHSA-rm98-3vrx-q6wp

Published: 05 Dec 2022
Source: github
Github: Not reviewed
CVSS3: 6.5

Description

The Advanced Import WordPress plugin before 1.3.8 does not have a CSRF check when installing and activating plugins, which could allow attackers to make a logged-in admin install arbitrary plugins from WordPress.org, and activate arbitrary ones from the blog, via CSRF attacks.

EPSS

Percentile: 40%
0.00184
Low

6.5 Medium

CVSS3

Weaknesses

CWE-352

Related vulnerabilities

CVSS3: 6.5
nvd
about 3 years ago

The Advanced Import WordPress plugin before 1.3.8 does not have a CSRF check when installing and activating plugins, which could allow attackers to make a logged-in admin install arbitrary plugins from WordPress.org, and activate arbitrary ones from the blog, via CSRF attacks.
