exploitDog

CVE-2022-1967

Опубликовано: 04 июл. 2022

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

The WP Championship WordPress plugin before 9.3 is lacking CSRF checks in various places, allowing attackers to make a logged in admin perform unwanted actions, such as create and delete arbitrary teams as well as update the plugin's settings. Due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues

Ссылки

https://wpscan.com/vulnerability/02d25736-c796-49bd-b774-66e0e3fcf4c9
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/02d25736-c796-49bd-b774-66e0e3fcf4c9
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wp-championship_project:wp-championship:*:*:*:*:*:wordpress:*:*

Версия до 9.3 (исключая)

EPSS

Процентиль: 29%

0.00103

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-wr2q-mmhm-ff6j

CVSS3: 6.5

github

больше 3 лет назад

The WP Championship WordPress plugin before 9.3 is lacking CSRF checks in various places, allowing attackers to make a logged in admin perform unwanted actions, such as create and delete arbitrary teams as well as update the plugin's settings. Due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues

EPSS

Процентиль: 29%

0.00103

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352