Lucene search
HistorySep 19, 2022 - 2:15 p.m.
CVE-2022-1591
wordpress
ping optimizer
csrf
attack
security
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS
0.001
Percentile
25.9%
The WordPress Ping Optimizer WordPress plugin before 2.35.1.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Affected configurations
Node
wordpress_ping_optimizer_projectwordpress_ping_optimizerRange<2.35.1.3.0wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wordpress_ping_optimizer_project | wordpress_ping_optimizer | * | cpe:2.3:a:wordpress_ping_optimizer_project:wordpress_ping_optimizer:*:*:*:*:*:wordpress:*:* |
Related
wpvulndb
wpvulndb
WordPress Ping Optimizer < 2.35.1.3.0 - Arbitrary Settings Update via CSRF
2022-08-23 00:00:00
patchstack
patchstack
cve
cve
CVE-2022-1591
2022-09-19 14:15:10
cvelist
cvelist
prion
prion
Cross site request forgery (csrf)
2022-09-19 14:15:00
wpexploit
wpexploit
WordPress Ping Optimizer < 2.35.1.3.0 - Arbitrary Settings Update via CSRF
2022-08-23 00:00:00
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS
0.001
Percentile
25.9%
Related for NVD:CVE-2022-1591