Lucene search
WPScanCVE-2022-2276HistoryAug 22, 2022 - 3:15 p.m.
CVE-2022-2276
2022-08-2215:15:14
CWE-352
CWE-862
WPScan
web.nvd.nist.gov
42
4
cve-2022-2276
wp edit menu
wordpress plugin
unauthenticated attackers
csrf
ajax action
nvd
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
AI Score
4.8
Confidence
High
EPSS
0.001
Percentile
31.6%
The WP Edit Menu WordPress plugin before 1.5.0 does not have authorisation and CSRF in an AJAX action, which could allow unauthenticated attackers to delete arbitrary posts/pages from the blog
Affected configurations
Node
wp_edit_menu_projectwp_edit_menuRange<1.5.0wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wp_edit_menu_project | wp_edit_menu | * | cpe:2.3:a:wp_edit_menu_project:wp_edit_menu:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"product": "WP Edit Menu",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.5.0",
"status": "affected",
"version": "1.5.0",
"versionType": "custom"
}
]
}
]References
Social References
More
Related
prion
prion
Cross site request forgery (csrf)
2022-08-22 15:15:00
wpvulndb
wpvulndb
WP Edit Menu < 1.5.0 - Unauthenticated Arbitrary Post Deletion
2022-08-01 00:00:00
cvelist
cvelist
CVE-2022-2276 WP Edit Menu < 1.5.0 - Unauthenticated Arbitrary Post Deletion
2022-08-22 15:00:57
nvd
nvd
CVE-2022-2276
2022-08-22 15:15:14
wpexploit
wpexploit
WP Edit Menu < 1.5.0 - Unauthenticated Arbitrary Post Deletion
2022-08-01 00:00:00
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
AI Score
4.8
Confidence
High
EPSS
0.001
Percentile
31.6%
Related for CVE-2022-2276