CVE-2022-3677
CVSS V2 None
CVSS V3 None
Description
The Advanced Import WordPress plugin before 1.3.8 does not have CSRF check when installing and activating plugins, which could allow attackers to make a logged in admin install arbitrary plugins from WordPress.org, and activate arbitrary ones from the blog via CSRF attacks
Overview
- CVE ID
- CVE-2022-3677
- Assigner
- contact@wpscan.com
- Vulnerability Status
- Analyzed
- Published Version
- 2022-12-05T17:15:10.010
- Last Modified Date
- 2022-12-06T17:42:43.363
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:addonspress:advanced_import:*:*:*:*:*:wordpress:*:* | 1 | OR | 1.3.8 |
References
| Reference URL | Reference Tags |
|---|---|
| https://wpscan.com/vulnerability/5a7c6367-a3e6-4411-8865-2a9dbc9f1450 | Exploit Third Party Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-3677 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3677 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-12-07 18:06:34 | Added to TrackCVE |