Lucene search
HistoryOct 10, 2022 - 9:15 p.m.
CVE-2022-3208
wordpress
simple file list
csrf
cve-2022-3208
nonce checks
admin
page
content
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
26.5%
The Simple File List WordPress plugin before 4.4.12 does not implement nonce checks, which could allow attackers to make a logged in admin create new page and change it’s content via a CSRF attack.
Affected configurations
Node
simplefilelistsimple-file-listRange<4.4.12wordpress
Related
cve
cve
CVE-2022-3208
2022-10-10 21:15:11
cnvd
cnvd
WordPress Simple File List cross-site request forgery vulnerability
2022-10-12 00:00:00
prion
prion
Cross site request forgery (csrf)
2022-10-10 21:15:00
wpexploit
wpexploit
Simple File List < 4.4.13 - Page Creation via CSRF
2022-09-19 00:00:00
patchstack
patchstack
wpvulndb
wpvulndb
Simple File List < 4.4.13 - Page Creation via CSRF
2022-09-19 00:00:00
cvelist
cvelist
CVE-2022-3208 Simple File List < 4.4.13 - Page Creation via CSRF
2022-10-10 00:00:00
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
26.5%
Related for NVD:CVE-2022-3208