CVE-2022-29435

Опубликовано: 17 мая 2022

Источник: nvd

CVSS3: 5.4

CVSS2: 5.8

EPSS Низкий

Описание

Cross-Site Request Forgery (CSRF) vulnerability in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress allows an attacker to delete or to turn on/off snippets.

Ссылки

https://patchstack.com/database/vulnerability/code-snippets-extended/wordpress-code-snippets-extended-plugin-1-4-7-cross-site-request-forgery-csrf-vulnerability
Third Party Advisory
https://wordpress.org/plugins/code-snippets-extended/#developers
Vendor Advisory
https://patchstack.com/database/vulnerability/code-snippets-extended/wordpress-code-snippets-extended-plugin-1-4-7-cross-site-request-forgery-csrf-vulnerability
Third Party Advisory
https://wordpress.org/plugins/code-snippets-extended/#developers
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:code_snippets_extended_project:code_snippets_extended:*:*:*:*:*:*:wordpress:*

Версия до 1.4.7 (включая)

EPSS

Процентиль: 38%

0.00164

Низкий

5.4 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-fx9c-g9f5-59gr