Lucene search

K
cnvdChina National Vulnerability DatabaseCNVD-2022-85531
HistoryNov 24, 2022 - 12:00 a.m.

WordPress All-In-One Security (AIOS) - Security and Firewall plugin cross-site request forgery vulnerability

2022-11-2400:00:00
China National Vulnerability Database
www.cnvd.org.cn
9

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress All-In-One Security (AIOS) - Security and Firewall plugin version 5.1.0 and earlier is vulnerable to cross-site request forgery, which is caused by its inability to check random numbers for bulk operations and can be exploited to launch cross-site request forgery attacks.

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Related for CNVD-2022-85531