Lucene search
WPScanCVE-2022-3677HistoryDec 05, 2022 - 5:15 p.m.
CVE-2022-3677
2022-12-0517:15:10
WPScan
web.nvd.nist.gov
29
cve-2022-3677
advanced import
wordpress plugin
csrf
plugin installation
security vulnerability
nvd
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
34.0%
The Advanced Import WordPress plugin before 1.3.8 does not have CSRF check when installing and activating plugins, which could allow attackers to make a logged in admin install arbitrary plugins from WordPress.org, and activate arbitrary ones from the blog via CSRF attacks
Affected configurations
Node
addonspressadvanced_importRange<1.3.8wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| addonspress | advanced_import | * | cpe:2.3:a:addonspress:advanced_import:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "Advanced Import : One Click Import for WordPress or Theme Demo Data",
"collectionURL": "https://wordpress.org/plugins",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "1.3.8"
}
],
"defaultStatus": "unaffected"
}
]Related
cvelist
cvelist
wpvulndb
wpvulndb
prion
prion
Cross site request forgery (csrf)
2022-12-05 17:15:00
wpexploit
wpexploit
nvd
nvd
CVE-2022-3677
2022-12-05 17:15:10
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
34.0%
Related for CVE-2022-3677