Lucene search

[email protected]NVD:CVE-2022-4443

HistoryJan 23, 2023 - 3:15 p.m.

CVE-2022-4443

2023-01-2315:15:14

[email protected]

web.nvd.nist.gov

brutebank wordpress plugin

csrf attack

settings update

security vulnerability

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

34.5%

JSON

The BruteBank WordPress plugin before 1.9 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

Affected configurations

Nvd

Node

brutebankbrutebankRange<1.9wordpress

VendorProductVersionCPE
brutebankbrutebank*cpe:2.3:a:brutebank:brutebank:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
brutebank	brutebank	*	cpe:2.3:a:brutebank:brutebank::::::wordpress::*

References

wpscan.com/vulnerability/1e621d62-13c7-4b2f-96ca-3617a796d037

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

34.5%

JSON

Related for NVD:CVE-2022-4443

prion1 wpvulndb1 wpexploit1 cvelist1 cve1