CVE-2022-0328

Опубликовано: 28 фев. 2022

Источник: nvd

CVSS3: 4.7

CVSS2: 4.3

EPSS Низкий

Описание

The Simple Membership WordPress plugin before 4.0.9 does not have CSRF check when deleting members in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack

Ссылки

https://plugins.trac.wordpress.org/changeset/2662855
Release Notes
Third Party Advisory
https://wpscan.com/vulnerability/44532b7c-4d0d-4959-ada4-733f377d6ec9
Exploit
Third Party Advisory
https://plugins.trac.wordpress.org/changeset/2662855
Release Notes
Third Party Advisory
https://wpscan.com/vulnerability/44532b7c-4d0d-4959-ada4-733f377d6ec9
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:simple-membership-plugin:simple_membership:*:*:*:*:*:wordpress:*:*

Версия до 4.0.9 (исключая)

EPSS

Процентиль: 30%

0.00112

Низкий

4.7 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-p8mj-g26x-2rp4