Lucene search
CVE-2022-1578
šļøĀ 21 Nov 2022Ā 11:19:15Reported byĀ WPScanTypeĀ 
Ā cvešĀ web.nvd.nist.govš°ļøĀ 7Ā Media mentionsšĀ 41Ā Viewsš WEB
The My wpdb WordPress plugin has a CSRF vulnerabilit
Show more
| Reporter | Title | Published | Views | Family All 7 |
|---|---|---|---|---|
 | Cross site request forgery (csrf) | 21 Nov 202211:15 | ā | prion |
 | WordPress My wpdb plugin <= 2.4 - Arbitrary SQL Query via Cross-Site Request Forgery (CSRF) vulnerability | 29 Oct 202200:00 | ā | patchstack |
 | WordPress My wpdb plugin cross-site request forgery vulnerability | 23 Nov 202200:00 | ā | cnvd |
 | My wpdb < 2.5 - Arbitrary SQL Query via CSRF | 28 Oct 202200:00 | ā | wpexploit |
 | My wpdb < 2.5 - Arbitrary SQL Query via CSRF | 28 Oct 202200:00 | ā | wpvulndb |
 | CVE-2022-1578 My wpdb < 2.5 - Arbitrary SQL Query via CSRF | 21 Nov 202200:00 | ā | cvelist |
 | CVE-2022-1578 | 21 Nov 202211:15 | ā | nvd |
Node
[
{
"vendor": "Unknown",
"product": "My wpdb",
"collectionURL": "https://wordpress.org/plugins",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "2.5"
}
],
"defaultStatus": "unaffected"
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| umeta_id | request body | /wp-admin/?page=mywpdb_page&table=wp_usermeta&where%5Bumeta_id%5D=1 | CSRF vulnerability allowing execution of arbitrary SQL queries by a logged in admin. | CWE-352,Ā CWE-89 |
| user_id | request body | /wp-admin/?page=mywpdb_page&table=wp_usermeta&where%5Bumeta_id%5D=1 | CSRF vulnerability allowing execution of arbitrary SQL queries by a logged in admin. | CWE-352,Ā CWE-89 |
| meta_key | request body | /wp-admin/?page=mywpdb_page&table=wp_usermeta&where%5Bumeta_id%5D=1 | CSRF vulnerability allowing execution of arbitrary SQL queries by a logged in admin. | CWE-352,Ā CWE-89 |
| meta_value | request body | /wp-admin/?page=mywpdb_page&table=wp_usermeta&where%5Bumeta_id%5D=1 | CSRF vulnerability allowing execution of arbitrary SQL queries by a logged in admin. | CWE-352,Ā CWE-89 |
| mywpdbUpdateTrigger | request body | /wp-admin/?page=mywpdb_page&table=wp_usermeta&where%5Bumeta_id%5D=1 | CSRF vulnerability allowing execution of arbitrary SQL queries by a logged in admin. | CWE-352,Ā CWE-89 |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactĀ us for a demo andĀ discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo21 Nov 2022 11:15Current
8.8High risk
Vulners AI Score8.8
CVSS38.8
EPSS0.00258