CVSS base score: 4.3
CVE-2022-2387
- EPSS 0.2%
- Published 07.11.2022 10:15:11
- Last modified 05.05.2025 21:15:45
- Source contact@wpscan.com
Easy Digital Downloads <= 2.11.7 - Cross-Site Request Forgery to Arbitrary Post Deletion
The Easy Digital Downloads WordPress plugin before 3.0 does not have a CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged-in admin delete arbitrary posts via a CSRF attack.
Possible mitigation
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy: Update to version 3.0, or a newer patched version
Further vulnerability information
- System: WordPress Plugin
- Product: Easy Digital Downloads – eCommerce Payments and Subscriptions made easy
- Version: *-2.11.7
Data provided by the National Vulnerability Database (NVD)
Awesomemotive ≫ Easy Digital Downloads, SwPlatform wordpress, Version < 3.0
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.2% | 0.419 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4.3 | 2.8 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.