Lucene search
K

CVE-2022-1757

🗓️ 11 Jul 2022 12:56:16Reported by WPScanType 
cve
 cve
🔗 web.nvd.nist.gov📰️ 5 Media mentions👁 67 Views🌐 WEB

The pagebar WordPress plugin before 2.70 lacks CSRF and sanitization check, leading to potential admin settings modification via CSRF attack and Stored XSS issues

Related
Detection
Affected
Refs
Paths
Social
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2022-1757
11 Jul 202213:15
attackerkb
Circl
CVE-2022-1757
11 Jul 202216:19
circl
CNNVD
WordPress plugin Pagebar Phlox 跨站脚本漏洞
11 Jul 202200:00
cnnvd
CNVD
WordPress Pagebar plugin跨站脚本漏洞
13 Jul 202200:00
cnvd
Cvelist
CVE-2022-1757 Pagebar < 2.70 - Arbitrary Settings Update via CSRF to Stored XSS
11 Jul 202212:56
cvelist
EUVD
EUVD-2022-25038
3 Oct 202520:07
euvd
NVD
CVE-2022-1757
11 Jul 202213:15
nvd
OSV
CVE-2022-1757
11 Jul 202213:15
osv
Patchstack
WordPress Pagebar plugin <= 2.65 - Arbitrary Settings Update via CSRF vulnerability to Stored XSS
15 Jun 202200:00
patchstack
Prion
Cross site request forgery (csrf)
11 Jul 202213:15
prion
Rows per page
NVD
Vulners
Node
pagebar_projectpagebarRange<2.70wordpress
[
  {
    "product": "pagebar",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "2.70",
        "status": "affected",
        "version": "2.70",
        "versionType": "custom"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
option_pagerequest body/wp-admin/options-general.php?page=pagebar_options.phpCSRF vulnerability allowing a logged-in admin to modify settings via a crafted request, with potential stored XSS due to insufficient sanitisation of inputs.CWE-352CWE-79
actionrequest body/wp-admin/options-general.php?page=pagebar_options.phpCSRF vulnerability allowing a logged-in admin to modify settings via a crafted request, with potential stored XSS due to insufficient sanitisation of inputs.CWE-352CWE-79
post_leftrequest body/wp-admin/options-general.php?page=pagebar_options.phpCSRF vulnerability allowing a logged-in admin to modify settings via a crafted request, with potential stored XSS due to insufficient sanitisation of inputs.CWE-352CWE-79
post_centerrequest body/wp-admin/options-general.php?page=pagebar_options.phpCSRF vulnerability allowing a logged-in admin to modify settings via a crafted request, with potential stored XSS due to insufficient sanitisation of inputs.CWE-352CWE-79
post_rightrequest body/wp-admin/options-general.php?page=pagebar_options.phpCSRF vulnerability allowing a logged-in admin to modify settings via a crafted request, with potential stored XSS due to insufficient sanitisation of inputs.CWE-352CWE-79
post_pbTextrequest body/wp-admin/options-general.php?page=pagebar_options.phpCSRF vulnerability allowing a logged-in admin to modify settings via a crafted request, with potential stored XSS due to insufficient sanitisation of inputs.CWE-352CWE-79
post_standardrequest body/wp-admin/options-general.php?page=pagebar_options.phpCSRF vulnerability allowing a logged-in admin to modify settings via a crafted request, with potential stored XSS due to insufficient sanitisation of inputs.CWE-352CWE-79
post_currentrequest body/wp-admin/options-general.php?page=pagebar_options.phpCSRF vulnerability allowing a logged-in admin to modify settings via a crafted request, with potential stored XSS due to insufficient sanitisation of inputs.CWE-352CWE-79
post_firstrequest body/wp-admin/options-general.php?page=pagebar_options.phpCSRF vulnerability allowing a logged-in admin to modify settings via a crafted request, with potential stored XSS due to insufficient sanitisation of inputs.CWE-352CWE-79
post_lastrequest body/wp-admin/options-general.php?page=pagebar_options.phpCSRF vulnerability allowing a logged-in admin to modify settings via a crafted request, with potential stored XSS due to insufficient sanitisation of inputs.CWE-352CWE-79
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 04:23Current
5.2Medium risk
Vulners AI Score5.2
CVSS 23.5
CVSS 3.15.4
EPSS0.00296
67