Lucene search
HistoryAug 22, 2022 - 3:15 p.m.
CVE-2022-2388
cve-2022-2388
wp coder
wordpress plugin
csrf
code deletion
security vulnerability
nvd
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
26.3%
The WP Coder WordPress plugin before 2.5.3 does not have CSRF check in place when deleting code created by the plugin, which could allow attackers to make a logged in admin delete arbitrary ones via a CSRF attack
Affected configurations
Node
silkypresssimple_custom_css_and_jsRange<2.5.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| silkypress | simple_custom_css_and_js | * | cpe:2.3:a:silkypress:simple_custom_css_and_js:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "WP Coder – add custom html, css and js code",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.5.3",
"status": "affected",
"version": "2.5.3",
"versionType": "custom"
}
]
}
]Social References
More
Related
cvelist
cvelist
CVE-2022-2388 WP Coder < 2.5.3 - Code Deletion via CSRF
2022-08-22 15:02:35
wpvulndb
wpvulndb
WP Coder < 2.5.3 - Code Deletion via CSRF
2022-07-26 00:00:00
prion
prion
Cross site request forgery (csrf)
2022-08-22 15:15:00
nvd
nvd
CVE-2022-2388
2022-08-22 15:15:14
wpexploit
wpexploit
WP Coder < 2.5.3 - Code Deletion via CSRF
2022-07-26 00:00:00
patchstack
patchstack
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
26.3%
Related for CVE-2022-2388