CVE-2022-1608

🗓️ 13 Jun 2022 12:42:09Reported by WPScanType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 71 Views🌐 WEB

The OnePress Social Locker WordPress plugin has CSRF vulnerability allowing attackers to make logged in admin change setting

Reporter	Title	Published	Views	Family All 12
ATTACKERKB	CVE-2022-1608	13 Jun 202213:15	–	attackerkb
CNNVD	WordPress plugin OnePress Social Locker 跨站请求伪造漏洞	13 Jun 202200:00	–	cnnvd
CNVD	WordPress OnePress Social Locker plugin cross-site request forgery vulnerability	15 Jun 202200:00	–	cnvd
Cvelist	CVE-2022-1608 OnePress Social Locker <= 5.6.2 - Arbitrary Settings Update via CSRF	13 Jun 202212:42	–	cvelist
EUVD	EUVD-2022-24897	3 Oct 202520:07	–	euvd
NVD	CVE-2022-1608	13 Jun 202213:15	–	nvd
OSV	CVE-2022-1608	13 Jun 202213:15	–	osv
Patchstack	WordPress OnePress Social Locker plugin <= 5.6.2 - Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability	18 May 202200:00	–	patchstack
Prion	Cross site request forgery (csrf)	13 Jun 202213:15	–	prion
RedhatCVE	CVE-2022-1608	22 May 202522:05	–	redhatcve

NVD

Vulners

Node

byonepress social_lockerRange≤5.6.2wordpress

[
  {
    "product": "OnePress Social Locker",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThanOrEqual": "5.6.2",
        "status": "affected",
        "version": "5.6.2",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/56d2d55b-bd09-47af-988c-7f47eec4151f

Parameter	Position	Path	Description	CWE
terms_enabled_is_active	request body	/wp-admin/edit.php?post_type=opanda-item&page=settings-bizpanda&opanda_screen=terms	CSRF vulnerability: update of settings via POST without proper CSRF protection	CWE-352
opanda_terms_enabled	request body	/wp-admin/edit.php?post_type=opanda-item&page=settings-bizpanda&opanda_screen=terms	CSRF vulnerability: update of settings via POST without proper CSRF protection	CWE-352
privacy_enabled_is_active	request body	/wp-admin/edit.php?post_type=opanda-item&page=settings-bizpanda&opanda_screen=terms	CSRF vulnerability: update of settings via POST without proper CSRF protection	CWE-352
opanda_privacy_enabled	request body	/wp-admin/edit.php?post_type=opanda-item&page=settings-bizpanda&opanda_screen=terms	CSRF vulnerability: update of settings via POST without proper CSRF protection	CWE-352
terms_use_pages_is_active	request body	/wp-admin/edit.php?post_type=opanda-item&page=settings-bizpanda&opanda_screen=terms	CSRF vulnerability: update of settings via POST without proper CSRF protection	CWE-352
terms_of_use_text_is_active	request body	/wp-admin/edit.php?post_type=opanda-item&page=settings-bizpanda&opanda_screen=terms	CSRF vulnerability: update of settings via POST without proper CSRF protection	CWE-352
opanda_terms_of_use_text	request body	/wp-admin/edit.php?post_type=opanda-item&page=settings-bizpanda&opanda_screen=terms	CSRF vulnerability: update of settings via POST without proper CSRF protection	CWE-352
privacy_policy_text_is_active	request body	/wp-admin/edit.php?post_type=opanda-item&page=settings-bizpanda&opanda_screen=terms	CSRF vulnerability: update of settings via POST without proper CSRF protection	CWE-352
opanda_privacy_policy_text	request body	/wp-admin/edit.php?post_type=opanda-item&page=settings-bizpanda&opanda_screen=terms	CSRF vulnerability: update of settings via POST without proper CSRF protection	CWE-352
terms_of_use_page_is_active	request body	/wp-admin/edit.php?post_type=opanda-item&page=settings-bizpanda&opanda_screen=terms	CSRF vulnerability: update of settings via POST without proper CSRF protection	CWE-352

21 Nov 2024 06:41Current

6.3Medium risk

Vulners AI Score6.3

CVSS 24.3

CVSS 3.16.5

EPSS0.0014

CWE-352