CVE-2022-3097

🗓️ 25 Oct 2022 00:00:00Reported by WPScanType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 69 Views🌐 WEB

The Plugin LBstopattack WordPress plugin before 1.1.3 is susceptible to CSRF attacks

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2022-3097	7 May 202520:22	–	circl
CNNVD	WordPress plugin LBStopAttack 跨站请求伪造漏洞	25 Oct 202200:00	–	cnnvd
Cvelist	CVE-2022-3097 LBStopAttack < 1.1.3 - Arbitrary Settings Update via CSRF	25 Oct 202200:00	–	cvelist
EUVD	EUVD-2022-42526	3 Oct 202520:07	–	euvd
NVD	CVE-2022-3097	25 Oct 202217:15	–	nvd
OSV	CVE-2022-3097	25 Oct 202217:15	–	osv
Patchstack	WordPress LBStopAttack plugin <= 1.1.2 - Cross-Site Request Forgery (CSRF) vulnerability	30 Sep 202200:00	–	patchstack
Prion	Cross site request forgery (csrf)	25 Oct 202217:15	–	prion
Positive Technologies	PT-2022-20426 · WordPress · Lbstopattack	25 Oct 202200:00	–	ptsecurity
RedhatCVE	CVE-2022-3097	22 May 202522:51	–	redhatcve

NVD

Vulners

Node

laubrotel lbstopattackRange≤1.1.2wordpress

[
  {
    "vendor": "Unknown",
    "product": "Plugin LBstopattack",
    "collectionURL": "https://wordpress.org/plugins",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.1.3"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/9ebb8318-ebaf-4de7-b337-c91327685a43

Parameter	Position	Path	Description	CWE
savelbsa	request body	/wp-admin/admin.php?page=lbsa_home	CSRF vulnerability due to lack of nonces for saving settings in LBstopattack plugin, enabling unauthorized POST requests to change settings.	CWE-352
onlyfront	request body	/wp-admin/admin.php?page=lbsa_home	CSRF vulnerability due to lack of nonces for saving settings in LBstopattack plugin, enabling unauthorized POST requests to change settings.	CWE-352
checkwp	request body	/wp-admin/admin.php?page=lbsa_home	CSRF vulnerability due to lack of nonces for saving settings in LBstopattack plugin, enabling unauthorized POST requests to change settings.	CWE-352
namespaces	request body	/wp-admin/admin.php?page=lbsa_home	CSRF vulnerability due to lack of nonces for saving settings in LBstopattack plugin, enabling unauthorized POST requests to change settings.	CWE-352
levelLFI	request body	/wp-admin/admin.php?page=lbsa_home	CSRF vulnerability due to lack of nonces for saving settings in LBstopattack plugin, enabling unauthorized POST requests to change settings.	CWE-352
sendnotification	request body	/wp-admin/admin.php?page=lbsa_home	CSRF vulnerability due to lack of nonces for saving settings in LBstopattack plugin, enabling unauthorized POST requests to change settings.	CWE-352
sendto	request body	/wp-admin/admin.php?page=lbsa_home	CSRF vulnerability due to lack of nonces for saving settings in LBstopattack plugin, enabling unauthorized POST requests to change settings.	CWE-352
raiseerror	request body	/wp-admin/admin.php?page=lbsa_home	CSRF vulnerability due to lack of nonces for saving settings in LBstopattack plugin, enabling unauthorized POST requests to change settings.	CWE-352
redirurl	request body	/wp-admin/admin.php?page=lbsa_home	CSRF vulnerability due to lack of nonces for saving settings in LBstopattack plugin, enabling unauthorized POST requests to change settings.	CWE-352
errorcode	request body	/wp-admin/admin.php?page=lbsa_home	CSRF vulnerability due to lack of nonces for saving settings in LBstopattack plugin, enabling unauthorized POST requests to change settings.	CWE-352

17 Jun 2026 04:58Current

6.4Medium risk

Vulners AI Score6.4

CVSS 3.16.5

EPSS0.00346

SSVC