The Advanced Import WordPress plugin before 1.3.8 does not have CSRF check when installing and activating plugins, which could allow attackers to make a logged in admin install arbitrary plugins from WordPress.org, and activate arbitrary ones from the blog via CSRF attacks
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/5a7c6367-a3e6-4411-8865-2a9dbc9f1450 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2022-12-05T16:50:30.656Z
Updated:
Reserved: 2022-10-24T09:26:45.842Z
Link: CVE-2022-3677
JSON object: View
NVD Information
Status : Modified
Published: 2022-12-05T17:15:10.010
Modified: 2023-11-07T03:51:37.927
Link: CVE-2022-3677
JSON object: View
Redhat Information
No data.
CWE
No CWE.