4.3
CVE-2022-2387
- EPSS 0.29%
- Veröffentlicht 07.11.2022 10:15:11
- Zuletzt bearbeitet 05.05.2025 21:15:45
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginEasy Digital Downloads < 3.0 - Arbitrary Post Deletion via CSRF
Easy Digital Downloads <= 2.11.7 - Cross-Site Request Forgery to Arbitrary Post Deletion
The Easy Digital Downloads WordPress plugin before 3.0 does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged in admin delete arbitrary post via a CSRF attack
Mögliche Gegenmaßnahme
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy: Update to version 3.0, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Awesomemotive ≫ Easy Digital Downloads SwPlatformwordpress Version < 3.0
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy
Version
*-2.11.7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.29% | 0.201 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
https://wpscan.com/vulnerability/db3c3c78-1724-4791-9ab6-ebb2e8a4c8b8
https://www.wordfence.com/threat-intel/vulnerabilities/id/ea99795f-45fa-4d4c-a6bd-2197b58efcb2