CVE-2022-46797

Опубликовано: 01 мар. 2023

Источник: nvd

CVSS3: 5.4

CVSS3: 4.3

EPSS Низкий

Описание

Cross-Site Request Forgery (CSRF) vulnerability in Conversios All-in-one Google Analytics, Pixels and Product Feed Manager for WooCommerce plugin <= 5.2.3 leads to plugin settings change.

Ссылки

https://patchstack.com/database/vulnerability/enhanced-e-commerce-for-woocommerce-store/wordpress-actionable-google-analytics-and-google-shopping-plugin-for-woocommerce-plugin-5-2-3-cross-site-request-forgery-csrf?_s_id=cve
Third Party Advisory
https://patchstack.com/database/vulnerability/enhanced-e-commerce-for-woocommerce-store/wordpress-actionable-google-analytics-and-google-shopping-plugin-for-woocommerce-plugin-5-2-3-cross-site-request-forgery-csrf?_s_id=cve
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:conversios:conversios:*:*:*:*:*:wordpress:*:*

Версия до 5.2.4 (исключая)

EPSS

Процентиль: 17%

0.00053

Низкий

5.4 Medium

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-352

Связанные уязвимости

GHSA-5wj8-xj8m-vm2p

CVSS3: 4.3

github

почти 3 года назад

Cross-Site Request Forgery (CSRF) vulnerability in Conversios All-in-one Google Analytics, Pixels and Product Feed Manager for WooCommerce plugin <= 5.2.3 leads to plugin settings change.

EPSS

Процентиль: 17%

0.00053

Низкий

5.4 Medium

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-352