China National Vulnerability Database (CNVD): CNVD-2023-74812
Oct 31, 2022 - 12:00 a.m.

WordPress demon image annotation cross-site request forgery vulnerability

2022-10-31 00:00:00
China National Vulnerability Database
www.cnvd.org.cn

AI Score: 6.8 Medium (Confidence: Low)

EPSS: 0.002 Low (Percentile: 60.8%)

WordPress is a blogging platform developed in PHP. It supports setting up personal blog sites on servers running PHP and MySQL. A cross-site request forgery (CSRF) vulnerability exists in WordPress demon image annotation 4.7 and earlier versions. It stems from the lack of nonce validation in the plugin's ~/includes/settings.php file, and an attacker can exploit it via forged requests to modify the plugin's settings and inject malicious web scripts.

| CPE | Name | Operator | Version |
| --- | --- | --- | --- |
|  | wordpress demon image annotation | le | 4.7 |