The Translate WordPress with GTranslate WordPress plugin before 2.9.9 does not have CSRF check in some files, and write debug data such as user's cookies in a publicly accessible file if a specific parameter is used when requesting them. Combining those two issues, an attacker could gain access to a logged in admin cookies by making them open a malicious link or page
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/49abe79c-ab1c-4dbf-824c-8daaac7e079d | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2022-03-28T17:23:19
Updated: 2022-03-28T17:23:19
Reserved: 2022-02-27T00:00:00
Link: CVE-2022-0770
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-03-28T18:15:09.690
Modified: 2022-04-04T18:55:52.103
Link: CVE-2022-0770
JSON object: View
Redhat Information
No data.
CWE