CVE-2022-1695

🗓️ 06 Jun 2022 08:51:30Reported by WPScanType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 60 Views🌐 WEB

The WP Simple Adsense Insertion WordPress plugin before 2.1 allows CSRF attacks

Reporter	Title	Published	Views	Family All 13
ATTACKERKB	CVE-2022-1695	8 Jun 202210:15	–	attackerkb
Circl	CVE-2022-1695	8 Jun 202214:45	–	circl
CNNVD	WordPress plugin WP Simple Adsense Insertion 跨站请求伪造漏洞	8 Jun 202200:00	–	cnnvd
CNVD	WordPress WP Simple Adsense Insertion plugin跨站请求伪造漏洞	13 Jun 202200:00	–	cnvd
Cvelist	CVE-2022-1695 WP Simple Adsense Insertion < 2.1 - Inject ads and javascript via CSRF	6 Jun 202208:51	–	cvelist
EUVD	EUVD-2022-24980	3 Oct 202520:07	–	euvd
NVD	CVE-2022-1695	8 Jun 202210:15	–	nvd
OSV	CVE-2022-1695	8 Jun 202210:15	–	osv
Patchstack	WordPress WP Simple Adsense Insertion plugin <= 2.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to Ads and JavaScript injection	12 May 202200:00	–	patchstack
Prion	Cross site request forgery (csrf)	8 Jun 202210:15	–	prion

NVD

Vulners

Node

tipsandtricks-hq wp_simple_adsense_insertionRange<2.1wordpress

[
  {
    "product": "WP Simple Adsense Insertion",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "2.1",
        "status": "affected",
        "version": "2.1",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/2ac5b87b-1390-41ce-af6e-c50e5709baaa

Parameter	Position	Path	Description	CWE
info_update	request body	wp-admin/options-general.php?page=wordpress-plugin-for-simple-google-adsense-insertion/WP-Simple-Adsense-Insertion.php	CSRF vulnerability in admin update form allowing attacker to submit crafted POST to manipulate ads and inject JavaScript	CWE-352
wp_ad_camp_1_code	request body	wp-admin/options-general.php?page=wordpress-plugin-for-simple-google-adsense-insertion/WP-Simple-Adsense-Insertion.php	CSRF vulnerability in admin update form allowing attacker to submit crafted POST to manipulate ads and inject JavaScript	CWE-352
wp_ad_camp_2_code	request body	wp-admin/options-general.php?page=wordpress-plugin-for-simple-google-adsense-insertion/WP-Simple-Adsense-Insertion.php	CSRF vulnerability in admin update form allowing attacker to submit crafted POST to manipulate ads and inject JavaScript	CWE-352
wp_ad_camp_3_code	request body	wp-admin/options-general.php?page=wordpress-plugin-for-simple-google-adsense-insertion/WP-Simple-Adsense-Insertion.php	CSRF vulnerability in admin update form allowing attacker to submit crafted POST to manipulate ads and inject JavaScript	CWE-352
wp_ad_camp_4_code	request body	wp-admin/options-general.php?page=wordpress-plugin-for-simple-google-adsense-insertion/WP-Simple-Adsense-Insertion.php	CSRF vulnerability in admin update form allowing attacker to submit crafted POST to manipulate ads and inject JavaScript	CWE-352
wp_ad_camp_5_code	request body	wp-admin/options-general.php?page=wordpress-plugin-for-simple-google-adsense-insertion/WP-Simple-Adsense-Insertion.php	CSRF vulnerability in admin update form allowing attacker to submit crafted POST to manipulate ads and inject JavaScript	CWE-352
wp_in_article_ad_code	request body	wp-admin/options-general.php?page=wordpress-plugin-for-simple-google-adsense-insertion/WP-Simple-Adsense-Insertion.php	CSRF vulnerability in admin update form allowing attacker to submit crafted POST to manipulate ads and inject JavaScript	CWE-352
wp_post_article_ad_code	request body	wp-admin/options-general.php?page=wordpress-plugin-for-simple-google-adsense-insertion/WP-Simple-Adsense-Insertion.php	CSRF vulnerability in admin update form allowing attacker to submit crafted POST to manipulate ads and inject JavaScript	CWE-352

21 Nov 2024 06:41Current

4.5Medium risk

Vulners AI Score4.5

CVSS 3.14.3

CVSS 24.3

EPSS0.00103

CWE-352