CVE-2022-1885

🗓️ 27 Jun 2022 08:58:14Reported by WPScanType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 72 Views🌐 WEB

The Cimy Header Image Rotator WordPress plugin through 6.1.1 lacks CSRF protectio

Reporter	Title	Published	Views	Family All 10
ATTACKERKB	CVE-2022-1885	27 Jun 202209:15	–	attackerkb
CNNVD	WordPress plugin Cimy Header Image Rotator 跨站请求伪造漏洞	27 Jun 202200:00	–	cnnvd
CNVD	WordPress Cimy Header Image Rotator plugin跨站请求伪造漏洞	30 Jun 202200:00	–	cnvd
Cvelist	CVE-2022-1885 Cimy Header Image Rotator <= 6.1.1 - Arbitrary Settings Update via CSRF	27 Jun 202208:58	–	cvelist
EUVD	EUVD-2022-25157	3 Oct 202520:07	–	euvd
NVD	CVE-2022-1885	27 Jun 202209:15	–	nvd
Prion	Cross site request forgery (csrf)	27 Jun 202209:15	–	prion
RedhatCVE	CVE-2022-1885	23 May 202501:11	–	redhatcve
wpexploit	Cimy Header Image Rotator <= 6.1.1 - Arbitrary Settings Update via CSRF	1 Jun 202200:00	–	wpexploit
WPVulnDB	Cimy Header Image Rotator <= 6.1.1 - Arbitrary Settings Update via CSRF	1 Jun 202200:00	–	wpvulndb

NVD

Vulners

Node

cimy_header_image_rotator_project cimy_header_image_rotatorRange≤6.1.1wordpress

[
  {
    "product": "Cimy Header Image Rotator",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThanOrEqual": "6.1.1",
        "status": "affected",
        "version": "6.1.1",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/8416cbcf-086d-42ff-b2a4-f3954c8ff0c8

Parameter	Position	Path	Description	CWE
filelinks[69wclb.jpg]	request body	/wp-admin/options-general.php?page=cimy_header_image_rotator	CSRF vulnerability allowing a logged-in admin to change plugin settings via unauthorized POST requests.	CWE-352
filetext[69wclb.jpg]	request body	/wp-admin/options-general.php?page=cimy_header_image_rotator	CSRF vulnerability allowing a logged-in admin to change plugin settings via unauthorized POST requests.	CWE-352
filelinks[69wcmd.jpg]	request body	/wp-admin/options-general.php?page=cimy_header_image_rotator	CSRF vulnerability allowing a logged-in admin to change plugin settings via unauthorized POST requests.	CWE-352
filetext[69wcmd.jpg]	request body	/wp-admin/options-general.php?page=cimy_header_image_rotator	CSRF vulnerability allowing a logged-in admin to change plugin settings via unauthorized POST requests.	CWE-352
submitButtonName	request body	/wp-admin/options-general.php?page=cimy_header_image_rotator	CSRF vulnerability allowing a logged-in admin to change plugin settings via unauthorized POST requests.	CWE-352
cimy_hir_post	request body	/wp-admin/options-general.php?page=cimy_header_image_rotator	CSRF vulnerability allowing a logged-in admin to update multiple image rotator settings via unauthorized POST requests.	CWE-352
hir_name	request body	/wp-admin/options-general.php?page=cimy_header_image_rotator	CSRF vulnerability allowing a logged-in admin to update multiple image rotator settings via unauthorized POST requests.	CWE-352
hir_images_source	request body	/wp-admin/options-general.php?page=cimy_header_image_rotator	CSRF vulnerability allowing a logged-in admin to update multiple image rotator settings via unauthorized POST requests.	CWE-352
hir_swap_rate	request body	/wp-admin/options-general.php?page=cimy_header_image_rotator	CSRF vulnerability allowing a logged-in admin to update multiple image rotator settings via unauthorized POST requests.	CWE-352
hir_swap_type	request body	/wp-admin/options-general.php?page=cimy_header_image_rotator	CSRF vulnerability allowing a logged-in admin to update multiple image rotator settings via unauthorized POST requests.	CWE-352

21 Nov 2024 06:41Current

4.5Medium risk

Vulners AI Score4.5

CVSS 3.14.3

CVSS 24.3

EPSS0.00142

CWE-352