The Find and Replace All WordPress plugin before 1.3 allows CSRF attac
Title | Published | Views | Family |
---|---|---|---|
Cross site request forgery (csrf) | 28 Nov 2022 14:15 | – | prion |
Find and Replace All <= 1.3 - Arbitrary Replacement via CSRF | 3 Nov 2022 00:00 | – | wpvulndb |
Find and Replace All <= 1.3 - Arbitrary Replacement via CSRF | 3 Nov 2022 00:00 | – | wpexploit |
CVE-2022-3850 | 28 Nov 2022 14:15 | – | nvd |
WordPress Find and Replace All plugin <= 1.3 - Cross-Site Request Forgery (CSRF) vulnerability | 3 Nov 2022 00:00 | – | patchstack |
CVE-2022-3850 Find and Replace All <= 1.3 - Arbitrary Replacement via CSRF | 28 Nov 2022 13:47 | – | cvelist |
WordPress Find and Replace All plugin Cross-Site Request Forgery Vulnerability | 30 Nov 2022 00:00 | – | cnvd |
[
{
"vendor": "Unknown",
"product": "Find and Replace All",
"collectionURL": "https://wordpress.org/plugins",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "1.3"
}
],
"defaultStatus": "unaffected"
}
]
Parameter | Position | Path | Description | CWE |
---|---|---|---|---|
findstr | request body | /wp-admin/admin.php?page=frasettings | Missing CSRF check allowing an authenticated admin to replace strings via a CSRF attack. | CWE-352 |
replacestr | request body | /wp-admin/admin.php?page=frasettings | Missing CSRF check allowing an authenticated admin to replace strings via a CSRF attack. | CWE-352 |
submit | request body | /wp-admin/admin.php?page=frasettings | Missing CSRF check allowing an authenticated admin to replace strings via a CSRF attack. | CWE-352 |