Lucene search
CVE-2022-3677
The Advanced Import WordPress plugin v1.3.8 does not have CSRF check during plugin installation, allowing attackers to install arbitrary plugins from WordPress.org and activate them via CSRF attacks
Show more
| Reporter | Title | Published | Views | Family All 5 |
|---|---|---|---|---|
 | Cross site request forgery (csrf) | 5 Dec 202217:15 | – | prion |
 | Advanced Import < 1.3.8 - Arbitrary Plugin Installation & Activation via CSRF | 14 Nov 202200:00 | – | wpvulndb |
 | CVE-2022-3677 Advanced Import < 1.3.8 - Arbitrary Plugin Installation & Activation via CSRF | 5 Dec 202216:50 | – | cvelist |
 | Advanced Import < 1.3.8 - Arbitrary Plugin Installation & Activation via CSRF | 14 Nov 202200:00 | – | wpexploit |
 | CVE-2022-3677 | 5 Dec 202217:15 | – | nvd |
Node
[
{
"vendor": "Unknown",
"product": "Advanced Import : One Click Import for WordPress or Theme Demo Data",
"collectionURL": "https://wordpress.org/plugins",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "1.3.8"
}
],
"defaultStatus": "unaffected"
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| slug | request body | /wp-admin/admin-ajax.php?action=install_plugin | CSRF vulnerability allows installation of arbitrary plugins by a logged-in admin. | CWE-352 |
| plugin | request body | /wp-admin/admin-ajax.php?action=install_plugin | CSRF vulnerability allows installation of arbitrary plugins by a logged-in admin. | CWE-352 |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo05 Dec 2022 17:15Current
6.5Medium risk
Vulners AI Score6.5
CVSS36.5
EPSS0.01996