CVE-2022-2260
CVSS V2 None
CVSS V3 Medium 6.5
Description
The GiveWP WordPress plugin before 2.21.3 does not have CSRF in place when exporting data, and does not validate the exporting parameters such as dates, which could allow attackers to make a logged in admin DoS the web server via a CSRF attack as the plugin will try to retrieve data from the database many times which leads to overwhelm the target's CPU.
Overview
- CVE ID
- CVE-2022-2260
- Assigner
- contact@wpscan.com
- Vulnerability Status
- Analyzed
- Published Version
- 2022-08-01T13:15:10
- Last Modified Date
- 2022-08-05T21:46:02
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:givewp:givewp:*:*:*:*:*:wordpress:*:* | 1 | OR | 2.21.3 |
CVSS Version 3
- Version
- 3.1
- Vector String
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
- Attack Vector
- NETWORK
- Attack Compatibility
- LOW
- Privileges Required
- NONE
- User Interaction
- REQUIRED
- Scope
- UNCHANGED
- Confidentiality Impact
- NONE
- Availability Impact
- HIGH
- Base Score
- 6.5
- Base Severity
- MEDIUM
- Exploitability Score
- 2.8
- Impact Score
- 3.6
References
| Reference URL | Reference Tags |
|---|---|
| https://wpscan.com/vulnerability/831b3afa-8fa3-4cb7-8374-36d0c368292f |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-2260 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2260 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-08-01 14:00:06 | Added to TrackCVE |