Lucene search

[email protected]NVD:CVE-2022-2260

HistoryAug 01, 2022 - 1:15 p.m.

CVE-2022-2260

2022-08-0113:15:10

CWE-352

[email protected]

web.nvd.nist.gov

wordpress

csrf

givewp

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

25.9%

JSON

The GiveWP WordPress plugin before 2.21.3 does not have CSRF in place when exporting data, and does not validate the exporting parameters such as dates, which could allow attackers to make a logged in admin DoS the web server via a CSRF attack as the plugin will try to retrieve data from the database many times which leads to overwhelm the target’s CPU.

Affected configurations

Nvd

Node

givewpgivewpRange<2.21.3wordpress

VendorProductVersionCPE
givewpgivewp*cpe:2.3:a:givewp:givewp:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
givewp	givewp	*	cpe:2.3:a:givewp:givewp::::::wordpress::*

References

wpscan.com/vulnerability/831b3afa-8fa3-4cb7-8374-36d0c368292f

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

25.9%

JSON

Related for NVD:CVE-2022-2260

prion1 patchstack1 cvelist1 wpexploit1 cve1 wpvulndb1 openvas1