exploitDog

CVE-2022-2387

Опубликовано: 07 нояб. 2022

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

The Easy Digital Downloads WordPress plugin before 3.0 does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged in admin delete arbitrary post via a CSRF attack

Ссылки

https://wpscan.com/vulnerability/db3c3c78-1724-4791-9ab6-ebb2e8a4c8b8
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/db3c3c78-1724-4791-9ab6-ebb2e8a4c8b8
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:awesomemotive:easy_digital_downloads:*:*:*:*:*:wordpress:*:*

Версия до 3.0 (исключая)

EPSS

Процентиль: 42%

0.00197

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-352

Связанные уязвимости

GHSA-pr89-cv9w-3vj3

CVSS3: 4.3

github

больше 3 лет назад

The Easy Digital Downloads WordPress plugin before 3.0 does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged in admin delete arbitrary post via a CSRF attack

EPSS

Процентиль: 42%

0.00197

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-352