WPScanCVE-2022-1967CVE-2022-1967
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS
Percentile
26.3%
The WP Championship WordPress plugin before 9.3 is lacking CSRF checks in various places, allowing attackers to make a logged in admin perform unwanted actions, such as create and delete arbitrary teams as well as update the pluginβs settings. Due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wp-championship_project | wp-championship | * | cpe:2.3:a:wp-championship_project:wp-championship:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"product": "WP Championship",
"vendor": "Unknown",
"versions": [
{
"lessThan": "9.3",
"status": "affected",
"version": "9.3",
"versionType": "custom"
}
]
}
]Social References
More
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS
Percentile
26.3%