exploitDog

CVE-2022-0707

Опубликовано: 18 апр. 2022

Источник: nvd

CVSS3: 4.3

CVSS2: 4.3

EPSS Низкий

Описание

The Easy Digital Downloads WordPress plugin before 2.11.6 does not have CSRF check in place when inserting payment notes, which could allow attackers to make a logged admin insert arbitrary notes via a CSRF attack

Ссылки

https://plugins.trac.wordpress.org/changeset/2697388
Patch
Third Party Advisory
https://wpscan.com/vulnerability/50680797-61e4-4737-898f-e5b394d89117
Exploit
Patch
Third Party Advisory
https://plugins.trac.wordpress.org/changeset/2697388
Patch
Third Party Advisory
https://wpscan.com/vulnerability/50680797-61e4-4737-898f-e5b394d89117
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:awesomemotive:easy_digital_downloads:*:*:*:*:*:wordpress:*:*

Версия до 2.11.6 (исключая)

EPSS

Процентиль: 29%

0.00103

Низкий

4.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352

CWE-352

Связанные уязвимости

GHSA-r26r-2j23-r3hv

CVSS3: 4.3

github

почти 4 года назад

The Easy Digital Downloads WordPress plugin before 2.11.6 does not have CSRF check in place when inserting payment notes, which could allow attackers to make a logged admin insert arbitrary notes via a CSRF attack

EPSS

Процентиль: 29%

0.00103

Низкий

4.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352

CWE-352