exploitDog

CVE-2022-1672

Опубликовано: 17 июл. 2022

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

The Insights from Google PageSpeed WordPress plugin before 4.0.7 does not verify for CSRF before doing various actions such as deleting Custom URLs, which could allow attackers to make a logged in admin perform such actions via CSRF attacks

Ссылки

https://wpscan.com/vulnerability/5c5955d7-24f0-45e6-9c27-78ef50446dad
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/5c5955d7-24f0-45e6-9c27-78ef50446dad
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:insights_from_google_pagespeed_project:insights_from_google_pagespeed:*:*:*:*:*:wordpress:*:*

Версия до 4.0.7 (исключая)

EPSS

Процентиль: 29%

0.00104

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-28mj-h58q-vmmm

CVSS3: 8.8

github

около 3 лет назад

The Insights from Google PageSpeed WordPress plugin before 4.0.7 does not verify for CSRF before doing various actions such as deleting Custom URLs, which could allow attackers to make a logged in admin perform such actions via CSRF attacks

EPSS

Процентиль: 29%

0.00104

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352