The WPMK Ajax Finder WordPress plugin, in versions up to and including 1.0.1, is vulnerable to Cross-Site Request Forgery via the createplugin_atf_admin_setting_page() function found in the ~/inc/config/create-plugin-config.php file. The function is missing a nonce check, which allows attackers to inject arbitrary web scripts.
References
Link | Resource |
---|---|
https://plugins.trac.wordpress.org/browser/find-any-think/trunk/inc/config/create-plugin-admin.php | Exploit Third Party Advisory |
https://www.wordfence.com/threat-intel/vulnerabilities/id/1d063d01-5f67-4c7f-ab71-01708456e82b?source=cve | Third Party Advisory |
https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1749 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Wordfence
Published: 2022-06-13T13:13:21
Updated: 2023-10-20T15:06:01.786Z
Reserved: 2022-05-16T00:00:00
Link: CVE-2022-1749
NVD Information
Status: Modified
Published: 2022-06-13T14:15:08.577
Modified: 2023-11-07T03:42:10.207
Link: CVE-2022-1749
Redhat Information
No data.
CWE