CVE-2022-1791

🗓️ 13 Jun 2022 12:42:58Reported by WPScanType

cve🔗 web.nvd.nist.gov📰️ 5 Media mentions👁 71 Views🌐 WEB

The One Click Plugin Updater WordPress plugin has CSRF vulnerability

Reporter	Title	Published	Views	Family All 11
ATTACKERKB	CVE-2022-1791	13 Jun 202213:15	–	attackerkb
CNNVD	WordPress plugin One Click Plugin Updater 跨站请求伪造漏洞	13 Jun 202200:00	–	cnnvd
CNVD	WordPress One Click Plugin Updater plugin cross-site request forgery vulnerability	15 Jun 202200:00	–	cnvd
Cvelist	CVE-2022-1791 One Click Plugin Updater <= 2.4.14 - Arbitrary Settings Update via CSRF	13 Jun 202212:42	–	cvelist
EUVD	EUVD-2022-25071	3 Oct 202520:07	–	euvd
NVD	CVE-2022-1791	13 Jun 202213:15	–	nvd
Patchstack	WordPress One Click Plugin Updater plugin <= 2.4.14 - Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability	23 May 202200:00	–	patchstack
Prion	Cross site request forgery (csrf)	13 Jun 202213:15	–	prion
RedhatCVE	CVE-2022-1791	22 May 202523:32	–	redhatcve
wpexploit	One Click Plugin Updater <= 2.4.14 - Arbitrary Settings Update via CSRF	23 May 202200:00	–	wpexploit

NVD

Vulners

Node

one_click_plugin_updater_project one_click_plugin_updaterRange≤2.4.14wordpress

[
  {
    "product": "One Click Plugin Updater",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThanOrEqual": "2.4.14",
        "status": "affected",
        "version": "2.4.14",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/5c185269-cb3a-4463-8d73-b190813d4431

Parameter	Position	Path	Description	CWE
action	request body	/wp-admin/plugins.php?page=plugin_upgrade_options	CSRF vulnerability in plugin settings update allowing an authenticated admin to change settings via a forged request	CWE-352
updater_plugin	request body	/wp-admin/plugins.php?page=plugin_upgrade_options	CSRF vulnerability in plugin settings update allowing an authenticated admin to change settings via a forged request	CWE-352
enable_plugin_checks	request body	/wp-admin/plugins.php?page=plugin_upgrade_options	CSRF vulnerability in plugin settings update allowing an authenticated admin to change settings via a forged request	CWE-352
plugin_check_interval	request body	/wp-admin/plugins.php?page=plugin_upgrade_options	CSRF vulnerability in plugin settings update allowing an authenticated admin to change settings via a forged request	CWE-352
global_notices	request body	/wp-admin/plugins.php?page=plugin_upgrade_options	CSRF vulnerability in plugin settings update allowing an authenticated admin to change settings via a forged request	CWE-352
mark_plugins_with_notifications	request body	/wp-admin/plugins.php?page=plugin_upgrade_options	CSRF vulnerability in plugin settings update allowing an authenticated admin to change settings via a forged request	CWE-352
hide_notifications_for_inactive	request body	/wp-admin/plugins.php?page=plugin_upgrade_options	CSRF vulnerability in plugin settings update allowing an authenticated admin to change settings via a forged request	CWE-352
hide_update_count_blurb	request body	/wp-admin/plugins.php?page=plugin_upgrade_options	CSRF vulnerability in plugin settings update allowing an authenticated admin to change settings via a forged request	CWE-352
enable_wordpress_checks	request body	/wp-admin/plugins.php?page=plugin_upgrade_options	CSRF vulnerability in plugin settings update allowing an authenticated admin to change settings via a forged request	CWE-352
wordpress_check_interval	request body	/wp-admin/plugins.php?page=plugin_upgrade_options	CSRF vulnerability in plugin settings update allowing an authenticated admin to change settings via a forged request	CWE-352

21 Nov 2024 06:41Current

7.9High risk

Vulners AI Score7.9

CVSS 25.8

CVSS 3.18.1

EPSS0.00089

CWE-352