exploitDog

CVE-2022-3850

Опубликовано: 28 нояб. 2022

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

The Find and Replace All WordPress plugin before 1.3 does not have CSRF check when replacing string, which could allow attackers to make a logged admin replace arbitrary string in database tables via a CSRF attack

Ссылки

https://wpscan.com/vulnerability/8ae42ec0-7e3a-4ea5-8e76-0aae7b92a8e9
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/8ae42ec0-7e3a-4ea5-8e76-0aae7b92a8e9
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:find_and_replace_all_project:find_and_replace_all:*:*:*:*:*:wordpress:*:*

Версия до 1.3 (включая)

EPSS

Процентиль: 27%

0.00097

Низкий

4.3 Medium

CVSS3

Дефекты

Связанные уязвимости

GHSA-2qpw-jpx2-w9hr

CVSS3: 4.3

github

около 3 лет назад

The Find and Replace All WordPress plugin before 1.3 does not have CSRF check when replacing string, which could allow attackers to make a logged admin replace arbitrary string in database tables via a CSRF attack

EPSS

Процентиль: 27%

0.00097

Низкий

4.3 Medium

CVSS3

Дефекты