Lucene search
HistoryOct 10, 2022 - 9:15 p.m.
CVE-2022-3208
cve-2022-3208
simple file list
wordpress
plugin
csrf
security vulnerability
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
26.4%
The Simple File List WordPress plugin before 4.4.12 does not implement nonce checks, which could allow attackers to make a logged in admin create new page and change it’s content via a CSRF attack.
Affected configurations
Node
simplefilelistsimple-file-listRange<4.4.12
| Vendor | Product | Version | CPE |
|---|---|---|---|
| simplefilelist | simple\-file\-list | * | cpe:2.3:a:simplefilelist:simple\-file\-list:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "Simple File List",
"versions": [
{
"version": "4.4.12",
"status": "affected",
"lessThan": "4.4.12",
"versionType": "custom"
}
]
}
]Social References
More
Related
prion
prion
Cross site request forgery (csrf)
2022-10-10 21:15:00
nvd
nvd
CVE-2022-3208
2022-10-10 21:15:11
cnvd
cnvd
WordPress Simple File List cross-site request forgery vulnerability
2022-10-12 00:00:00
patchstack
patchstack
wpvulndb
wpvulndb
Simple File List < 4.4.13 - Page Creation via CSRF
2022-09-19 00:00:00
cvelist
cvelist
CVE-2022-3208 Simple File List < 4.4.13 - Page Creation via CSRF
2022-10-10 00:00:00
wpexploit
wpexploit
Simple File List < 4.4.13 - Page Creation via CSRF
2022-09-19 00:00:00
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
26.4%
Related for CVE-2022-3208