CVE-2022-0134

🗓️ 21 Feb 2022 10:45:59Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 103 Views🌐 WEB

The AnyComment WordPress plugin before 0.2.18 is prone to CSRF attacks

Reporter	Title	Published	Views	Family All 12
CNNVD	WordPress 跨站请求伪造漏洞	21 Feb 202200:00	–	cnnvd
CNVD	WordPress Cross-Site Request Forgery Vulnerability (CNVD-2022-25195)	23 Feb 202200:00	–	cnvd
Cvelist	CVE-2022-0134 AnyComment < 0.2.18 - Arbitrary HyperComments Import/Revert via CSRF	21 Feb 202210:45	–	cvelist
EUVD	EUVD-2022-15347	3 Oct 202520:07	–	euvd
NVD	CVE-2022-0134	21 Feb 202211:15	–	nvd
OSV	CVE-2022-0134	21 Feb 202211:15	–	osv
Patchstack	WordPress AnyComment plugin <= 0.2.17 - Arbitrary HyperComments Import/Revert via CSRF vulnerability	19 Jan 202200:00	–	patchstack
Prion	Cross site request forgery (csrf)	21 Feb 202211:15	–	prion
Qualys Blog	Identify Server-Side Attacks Using Qualys Periscope	1 Dec 202223:11	–	qualysblog
RedhatCVE	CVE-2022-0134	9 Jan 202610:45	–	redhatcve

NVD

Vulners

Node

bologer anycommentRange<0.2.18wordpress

[
  {
    "product": "AnyComment",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "0.2.18",
        "status": "affected",
        "version": "0.2.18",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/fa09ea9b-d5a0-4773-a692-9ff0200bcd85

Parameter	Position	Path	Description	CWE
r	query param	/wordpress/wp-admin/admin.php	Missing CSRF checks on Import and Revert HyperComments features enabling CSRF to trigger admin actions.	CWE-352
url	query param	/wordpress/wp-admin/admin.php	Missing CSRF checks on Import and Revert HyperComments features enabling CSRF to trigger admin actions.	CWE-352
revert	query param	/wordpress/wp-admin/admin.php	Missing CSRF checks on Import and Revert HyperComments features enabling CSRF to trigger admin actions.	CWE-352

21 Nov 2024 06:37Current

8.6High risk

Vulners AI Score8.6

CVSS 26.8

CVSS 3.18.8

EPSS0.00382

CWE-352