4.3

CVE-2022-29441

WordPress Private Messages For WordPress plugin <= 2.1.10 - Sending Messages via Cross-Site Request Forgery (CSRF) vulnerability

Private Messages For WordPress <= 2.1.10 - Cross-Site Request Forgery

Cross-Site Request Forgery (CSRF) vulnerability in Private Messages For WordPress plugin <= 2.1.10 at WordPress allows attackers to send messages.
Mögliche Gegenmaßnahme
Private Messages For WordPress: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Private Messages ProjectPrivate Messages SwPlatformwordpress Version <= 2.1.10
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt Private Messages For WordPress
Version *-2.1.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.39% 0.305
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
audit@patchstack.com 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://patchstack.com/database/vulnerability/private-messages-for-wordpress/wordpress-private-messages-for-wordpress-plugin-2-1-10-sending-messages-via-cross-site-request-forgery-csrf-vulnerability
Third Party Advisory
https://wordpress.org/plugins/private-messages-for-wordpress/
Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/8cd7dfb3-bc73-4f6a-9827-0003452ebf59
Third Party Advisory