exploitDog

CVE-2022-2275

Опубликовано: 22 авг. 2022

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

The WP Edit Menu WordPress plugin before 1.5.0 does not have CSRF in an AJAX action, which could allow attackers to make a logged in admin delete arbitrary posts/pages from the blog via a CSRF attack

Ссылки

https://wpscan.com/vulnerability/07757d1e-39ad-4199-bc7a-ecb821dfc996
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/07757d1e-39ad-4199-bc7a-ecb821dfc996
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wp_edit_menu_project:wp_edit_menu:*:*:*:*:*:wordpress:*:*

Версия до 1.5.0 (исключая)

EPSS

Процентиль: 29%

0.00106

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-352

Связанные уязвимости

GHSA-gmfj-x9cj-5fh4

CVSS3: 4.3

github

больше 3 лет назад

The WP Edit Menu WordPress plugin before 1.5.0 does not have CSRF in an AJAX action, which could allow attackers to make a logged in admin delete arbitrary posts/pages from the blog via a CSRF attack

EPSS

Процентиль: 29%

0.00106

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-352