China National Vulnerability DatabaseCNVD-2022-58436WordPress Library File Manager plugin跨站请求伪造漏洞
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
5.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:P/A:P
WordPress is the Wordpress Foundation’s set of blogging platform developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress Library File Manager plugin has a cross-site request forgery vulnerability, which stems from the fact that the plugin uses an outdated version of the The vulnerability stems from the fact that the plugin uses an outdated version of the elFinder library, which does not have any authorization and CSRF checks in its connector AJAX operations, and can be exploited by authenticated attackers to spoof malicious requests and trick victims into clicking to perform sensitive actions.
| CPE | Name | Operator | Version |
|---|---|---|---|
| wordpress library file manager plugin | lt | 5.2.3 |
Related
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
5.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:P/A:P