CVE-2022-3850

2022-11-2814:15:18

WPScan

web.nvd.nist.gov

cve-2022-3850

wordpress

plugin

csrf

attack

security vulnerability

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

4.6

Confidence

High

EPSS

0.001

Percentile

33.2%

JSON

The Find and Replace All WordPress plugin before 1.3 does not have CSRF check when replacing string, which could allow attackers to make a logged admin replace arbitrary string in database tables via a CSRF attack

Affected configurations

Nvd

Vulners

Node

find_and_replace_all_projectfind_and_replace_allRange≤1.3wordpress

VendorProductVersionCPE
find_and_replace_all_projectfind_and_replace_all*cpe:2.3:a:find_and_replace_all_project:find_and_replace_all:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
find_and_replace_all_project	find_and_replace_all	*	cpe:2.3:a:find_and_replace_all_project:find_and_replace_all::::::wordpress::*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Find and Replace All",
    "collectionURL": "https://wordpress.org/plugins",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.3"
      }
    ],
    "defaultStatus": "unaffected"
  }
]