6.5
CVE-2022-1599
- EPSS 0.61%
- Veröffentlicht 11.07.2022 13:15:08
- Zuletzt bearbeitet 21.11.2024 06:41:02
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginAdmin Management Xtended < 2.4.5 - Post Visibility/Date/Comment Status Update via CSRF
Admin Management Xtended <= 2.4.4 - Cross-Site Request Forgery to Post Status Update
The Admin Management Xtended WordPress plugin before 2.4.5 does not have CSRF checks in some of its AJAX actions, allowing attackers to make a logged users with the right capabilities to call them. This can lead to changes in post status (draft, published), slug, post date, comment status (enabled, disabled) and more.
Mögliche Gegenmaßnahme
Admin Management Xtended: Update to version 2.4.5, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Admin Management Xtended Project ≫ Admin Management Xtended SwPlatformwordpress Version < 2.4.5
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Admin Management Xtended
Version
[*, 2.4.5)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.61% | 0.446 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
https://wpscan.com/vulnerability/4a36e876-7e3b-4a81-9f16-9ff5fbb20dd6
https://www.wordfence.com/threat-intel/vulnerabilities/id/281ebead-5a30-4bfb-8280-94faf5d4fc14