CVE-2022-3098

🗓️ 26 Sep 2022 12:35:43Reported by WPScanType

cve🔗 web.nvd.nist.gov📰️ 5 Media mentions👁 49 Views🌐 WEB

The Login Block IPs WordPress plugin lacks CSRF check, allowing admin settings change via CSR

Reporter	Title	Published	Views	Family All 14
Circl	CVE-2022-3098	26 Sep 202216:22	–	circl
CNNVD	WordPress plugin Login Block IPs 跨站请求伪造漏洞	26 Sep 202200:00	–	cnnvd
CNVD	WordPress Login Block IPs Cross-Site Request Forgery Vulnerability	28 Sep 202200:00	–	cnvd
Cvelist	CVE-2022-3098 Login Block IPs <= 1.0.0 - Arbitrary Setting Update via CSRF	26 Sep 202212:35	–	cvelist
EUVD	EUVD-2022-42527	3 Oct 202520:07	–	euvd
NVD	CVE-2022-3098	26 Sep 202213:15	–	nvd
OSV	CVE-2022-3098	26 Sep 202213:15	–	osv
Patchstack	WordPress Login Block IPs plugin <= 1.0.0 - Arbitrary Setting Update via Cross-Site Request Forgery (CSRF) vulnerability	5 Sep 202200:00	–	patchstack
Prion	Cross site request forgery (csrf)	26 Sep 202213:15	–	prion
Positive Technologies	PT-2022-20434 · WordPress · Login Block Ips	26 Sep 202200:00	–	ptsecurity

NVD

Vulners

Node

gunkastudios login_block_ipsRange≤1.0.0wordpress

[
  {
    "product": "Login Block IPs",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThanOrEqual": "1.0.0",
        "status": "affected",
        "version": "1.0.0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/f4fcf41b-c05d-4236-8e67-a52d0f94c80a

Parameter	Position	Path	Description	CWE
login-block-ips-form	request body	/wp-admin/admin.php?page=login-block-ips%2Fadmin%2Fpartials%2Flogin-block-ips-admin-display.php	CSRF vulnerability allowing an authenticated admin to update settings	CWE-352
security_code	request body	/wp-admin/admin.php?page=login-block-ips%2Fadmin%2Fpartials%2Flogin-block-ips-admin-display.php	CSRF vulnerability allowing an authenticated admin to update settings	CWE-352
ip1	request body	/wp-admin/admin.php?page=login-block-ips%2Fadmin%2Fpartials%2Flogin-block-ips-admin-display.php	CSRF vulnerability allowing an authenticated admin to update settings	CWE-352
ipdesc1	request body	/wp-admin/admin.php?page=login-block-ips%2Fadmin%2Fpartials%2Flogin-block-ips-admin-display.php	CSRF vulnerability allowing an authenticated admin to update settings	CWE-352
ip2	request body	/wp-admin/admin.php?page=login-block-ips%2Fadmin%2Fpartials%2Flogin-block-ips-admin-display.php	CSRF vulnerability allowing an authenticated admin to update settings	CWE-352
ipdesc2	request body	/wp-admin/admin.php?page=login-block-ips%2Fadmin%2Fpartials%2Flogin-block-ips-admin-display.php	CSRF vulnerability allowing an authenticated admin to update settings	CWE-352
ip3	request body	/wp-admin/admin.php?page=login-block-ips%2Fadmin%2Fpartials%2Flogin-block-ips-admin-display.php	CSRF vulnerability allowing an authenticated admin to update settings	CWE-352
ipdesc3	request body	/wp-admin/admin.php?page=login-block-ips%2Fadmin%2Fpartials%2Flogin-block-ips-admin-display.php	CSRF vulnerability allowing an authenticated admin to update settings	CWE-352
ip4	request body	/wp-admin/admin.php?page=login-block-ips%2Fadmin%2Fpartials%2Flogin-block-ips-admin-display.php	CSRF vulnerability allowing an authenticated admin to update settings	CWE-352
ipdesc4	request body	/wp-admin/admin.php?page=login-block-ips%2Fadmin%2Fpartials%2Flogin-block-ips-admin-display.php	CSRF vulnerability allowing an authenticated admin to update settings	CWE-352

22 May 2025 15:15Current

4.4Medium risk

Vulners AI Score4.4

CVSS 3.14.3

EPSS0.00112

SSVC

CWE-352