exploitDog

CVE-2022-0445

Опубликовано: 07 мар. 2022

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

The WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie Consent WordPress plugin before 2.14.2 does not have CSRF checks in place when resetting its settings, allowing attackers to make a logged in admin reset them via a CSRF attack

Ссылки

https://wpscan.com/vulnerability/d9f28255-0026-4c42-9e67-d17b618c2285
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/d9f28255-0026-4c42-9e67-d17b618c2285
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:devowl:wordpress_real_cookie_banner:*:*:*:*:*:wordpress:*:*

Версия до 2.14.2 (исключая)

EPSS

Процентиль: 35%

0.0014

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352

CWE-352

Связанные уязвимости

GHSA-xwc7-pv4h-828f

CVSS3: 6.5

github

почти 4 года назад

The WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie Consent WordPress plugin before 2.14.2 does not have CSRF checks in place when resetting its settings, allowing attackers to make a logged in admin reset them via a CSRF attack

EPSS

Процентиль: 35%

0.0014

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352

CWE-352