Lucene search

[email protected]NVD:CVE-2022-35730

HistoryDec 04, 2022 - 11:15 p.m.

CVE-2022-35730

2022-12-0423:15:09

CWE-352

[email protected]

web.nvd.nist.gov

cve-2022-35730

cross-site request forgery

oceanwp

sticky header plugin

wordpress

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

21.7%

JSON

Cross-Site Request Forgery (CSRF) vulnerability in Oceanwp sticky header plugin <= 1.0.8 on WordPress.

Affected configurations

Nvd

Node

oceanwpsticky_headerRange≤1.0.8wordpress

VendorProductVersionCPE
oceanwpsticky_header*cpe:2.3:a:oceanwp:sticky_header:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
oceanwp	sticky_header	*	cpe:2.3:a:oceanwp:sticky_header::::::wordpress::*

References

patchstack.com/database/vulnerability/sticky-header-oceanwp/wordpress-oceanwp-sticky-header-plugin-1-0-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

21.7%

JSON

Related for NVD:CVE-2022-35730

prion1 wpvulndb1 patchstack1 cve1 cvelist1