6.5
CVE-2022-23975
- EPSS 0.18%
- Published 18.04.2022 17:15:16
- Last modified 21.11.2024 06:49:35
- Source audit@patchstack.com
AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation
Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to activate any installed plugin.
Possible countermeasure
Access Demo Importer: Update to version 1.0.7, or a newer patched version
Accesspress Basic: Update to version 3.2.2, or a newer patched version
AccessPress Lite: Update to version 2.93, or a newer patched version
AccessPress Mag: Update to version 2.6.6, or a newer patched version
AccessPress Parallax: Update to version 4.6, or a newer patched version
AccessPress Root: Update to version 2.6.0, or a newer patched version
AccessPress Store: Update to version 2.5.0, or a newer patched version
Arrival: Update to version 1.4.3, or a newer patched version
Bingle: Update to version 1.0.5, or a newer patched version
Bloger: Update to version 1.2.7, or a newer patched version
Brovy: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Construction Lite: Update to version 1.2.6, or a newer patched version
Digital Agency Lite: Update to version 1.1.7, or a newer patched version
Doko: Update to version 1.1.0, or a newer patched version
Edict Lite: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Eight Sec: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
EightLaw Lite: Update to version 2.1.6, or a newer patched version
Eightmedi Lite: Update to version 2.1.9, or a newer patched version
EightStore Lite: Update to version 1.2.6, or a newer patched version
Enlighten: Update to version 1.3.6, or a newer patched version
FotoGraphy: Update to version 2.4.1, or a newer patched version
Opstore: Update to version 1.4.4, or a newer patched version
ParallaxSome: Update to version 1.3.7, or a newer patched version
Punte: Update to version 1.1.3, or a newer patched version
Revolve: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Ripple: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Sakala: Update to version 1.0.5, or a newer patched version
ScrollMe: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
StoreVilla: Update to version 1.4.2, or a newer patched version
Swing Lite: Update to version 1.2.0, or a newer patched version
The Launcher: Update to version 1.3.3, or a newer patched version
The Monday: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
The100: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Ultra Seven: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Uncode Lite: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
VMag: Update to version 1.2.8, or a newer patched version
VMagazine Lite: Update to version 1.3.6, or a newer patched version
Vmagazine News: Update to version 1.0.6, or a newer patched version
WP Store: Update to version 1.2.0, or a newer patched version
WPparallax: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Zigcy Baby: Update to version 1.0.7, or a newer patched version
Zigcy Cosmetics: Update to version 1.0.6, or a newer patched version
Zigcy Lite: Update to version 2.1.0, or a newer patched version
Further vulnerability information
| System | Product | Version |
|---|---|---|
| WordPress Plugin | Access Demo Importer | * - 1.0.6 |
| WordPress Theme | Accesspress Basic | * - 3.2.1 |
| WordPress Theme | AccessPress Lite | * - 2.92 |
| WordPress Theme | AccessPress Mag | * - 2.6.5 |
| WordPress Theme | AccessPress Parallax | * - 4.5 |
| WordPress Theme | AccessPress Root | * - 2.5 |
| WordPress Theme | AccessPress Store | * - 2.4.9 |
| WordPress Theme | Arrival | * - 1.4.2 |
| WordPress Theme | Bingle | * - 1.0.4 |
| WordPress Theme | Bloger | * - 1.2.6 |
| WordPress Theme | Brovy | * - 1.3 |
| WordPress Theme | Construction Lite | * - 1.2.5 |
| WordPress Theme | Digital Agency Lite | * - 1.1.6 |
| WordPress Theme | Doko | * - 1.0.27 |
| WordPress Theme | Edict Lite | * - 1.1.4 |
| WordPress Theme | Eight Sec | * - 1.1.4 |
| WordPress Theme | EightLaw Lite | * - 2.1.5 |
| WordPress Theme | Eightmedi Lite | * - 2.1.8 |
| WordPress Theme | EightStore Lite | * - 1.2.5 |
| WordPress Theme | Enlighten | * - 1.3.5 |
| WordPress Theme | FotoGraphy | * - 2.4.0 |
| WordPress Theme | Opstore | * - 1.4.3 |
| WordPress Theme | ParallaxSome | * - 1.3.6 |
| WordPress Theme | Punte | * - 1.1.2 |
| WordPress Theme | Revolve | * - 1.3.1 |
| WordPress Theme | Ripple | * - 1.2.1 |
| WordPress Theme | Sakala | * - 1.0.4 |
| WordPress Theme | ScrollMe | * - 2.1.0 |
| WordPress Theme | StoreVilla | * - 1.4.1 |
| WordPress Theme | Swing Lite | * - 1.1.9 |
| WordPress Theme | The Launcher | * - 1.3.2 |
| WordPress Theme | The Monday | * - 1.4.1 |
| WordPress Theme | The100 | * - 1.1.2 |
| WordPress Theme | Ultra Seven | * - 1.2.8 |
| WordPress Theme | Uncode Lite | * - 1.3.3 |
| WordPress Theme | VMag | * - 1.2.7 |
| WordPress Theme | VMagazine Lite | * - 1.3.5 |
| WordPress Theme | Vmagazine News | * - 1.0.5 |
| WordPress Theme | WP Store | * - 1.1.9 |
| WordPress Theme | WPparallax | * - 2.0.6 |
| WordPress Theme | Zigcy Baby | * - 1.0.6 |
| WordPress Theme | Zigcy Cosmetics | * - 1.0.5 |
| WordPress Theme | Zigcy Lite | * - 2.0.9 |
Data provided by the National Vulnerability Database (NVD)
Accesspressthemes ≫ Access Demo Importer, SwPlatform: wordpress, Version <= 1.0.7
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.18% | 0.404 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
| nvd@nist.gov | 4.3 | 8.6 | 2.9 | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| audit@patchstack.com | 6.5 | 2.8 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.