Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-1757

Опубликовано: 11 июл. 2022
Источник: nvd
CVSS3: 5.4
CVSS2: 3.5
EPSS Низкий

Описание

The pagebar WordPress plugin before 2.70 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of sanitisation in some of them, it could also lead to Stored XSS issues

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:pagebar_project:pagebar:*:*:*:*:*:wordpress:*:*
Версия до 2.70 (исключая)

EPSS

Процентиль: 31%
0.00118
Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

github логотип

GHSA-r4g8-72wp-fwqg

CVSS3: 5.4
github
больше 3 лет назад

The Pagebar WordPress plugin through 2.65 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of sanitisation in some of them, it could also lead to Stored XSS issues

EPSS

Процентиль: 31%
0.00118
Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79