exploitDog

CVE-2022-0914

Опубликовано: 11 апр. 2022

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

The Export All URLs WordPress plugin before 4.3 does not have CSRF in place when exporting data, which could allow attackers to make a logged in admin export all posts and pages (including private and draft) into an arbitrary CSV file, which the attacker can then download and retrieve the list of titles for example

Ссылки

https://wpscan.com/vulnerability/c328be28-75dd-43db-a5b9-c1ba0636c930
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/c328be28-75dd-43db-a5b9-c1ba0636c930
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:atlasgondal:export_all_urls:*:*:*:*:*:wordpress:*:*

Версия до 4.3 (исключая)

EPSS

Процентиль: 31%

0.00115

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-22p9-v5cc-5f4w

CVSS3: 6.5

github

больше 3 лет назад

The Export All URLs WordPress plugin before 4.3 does not have CSRF in place when exporting data, which could allow attackers to make a logged in admin export all posts and pages (including private and draft) into an arbitrary CSV file, which the attacker can then download and retrieve the list of titles for example

EPSS

Процентиль: 31%

0.00115

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352