Lucene search
HistoryNov 21, 2022 - 11:15 a.m.
CVE-2022-1578
wordpress
plugin
csrf
sql
admin
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.002
Percentile
61.3%
The My wpdb WordPress plugin before 2.5 is missing CSRF check when running SQL queries, which could allow attacker to make a logged in admin run arbitrary SQL query via a CSRF attack
Affected configurations
Node
my_wpdb_projectmy_wpdbRange<2.5wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| my_wpdb_project | my_wpdb | * | cpe:2.3:a:my_wpdb_project:my_wpdb:*:*:*:*:*:wordpress:*:* |
Related
prion
prion
Cross site request forgery (csrf)
2022-11-21 11:15:00
patchstack
patchstack
cve
cve
CVE-2022-1578
2022-11-21 11:15:19
cnvd
cnvd
WordPress My wpdb plugin cross-site request forgery vulnerability
2022-11-23 00:00:00
wpexploit
wpexploit
My wpdb < 2.5 - Arbitrary SQL Query via CSRF
2022-10-28 00:00:00
wpvulndb
wpvulndb
My wpdb < 2.5 - Arbitrary SQL Query via CSRF
2022-10-28 00:00:00
cvelist
cvelist
CVE-2022-1578 My wpdb < 2.5 - Arbitrary SQL Query via CSRF
2022-11-21 00:00:00
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.002
Percentile
61.3%
Related for NVD:CVE-2022-1578