Lucene search
China National Vulnerability DatabaseCNVD-2022-55705HistoryJun 15, 2022 - 12:00 a.m.
WordPress One Click Plugin Updater plugin跨站请求伪造漏洞
2022-06-1500:00:00
China National Vulnerability Database
www.cnvd.org.cn
18
wordpress
plugin
cross-site request forgery
security
configuration
vulnerability
update
EPSS
0.001
Percentile
26.3%
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress One Click Plugin Updater plugin version 2.4.14 and earlier is vulnerable to cross-site request forgery, which stems from the plugin’s failure to perform CSRF check when updating its settings. An attacker could use this vulnerability to cause the logged-in administrator to change its configuration and disable/hide the flagging of available updates and related checks.
Related
prion
prion
Cross site request forgery (csrf)
2022-06-13 13:15:00
cvelist
cvelist
cve
cve
CVE-2022-1791
2022-06-13 13:15:12
patchstack
patchstack
nvd
nvd
CVE-2022-1791
2022-06-13 13:15:12
wpvulndb
wpvulndb
One Click Plugin Updater <= 2.4.14 - Arbitrary Settings Update via CSRF
2022-05-23 00:00:00
wpexploit
wpexploit
One Click Plugin Updater <= 2.4.14 - Arbitrary Settings Update via CSRF
2022-05-23 00:00:00