CVE-2022-38704 - OpenCVE

Cross-Site Request Forgery (CSRF) vulnerability in SEO Redirection plugin <= 8.9 at WordPress, leading to deletion of 404 errors and redirection history.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Clogica	Seo Redirection

Configuration 1 [-]

cpe:2.3:a:clogica:seo_redirection:*:*:*:*:*:wordpress:*:*

References

Link	Resource
https://patchstack.com/database/vulnerability/seo-redirection/wordpress-seo-redirection-plugin-8-9-cross-site-request-forgery-csrf-vulnerability/_s_id=cve	Broken Link
https://wordpress.org/plugins/seo-redirection/#developers	Product

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Patchstack

Published: 2022-09-23T00:00:00

Updated: 2022-09-23T18:32:54

Reserved: 2022-09-08T00:00:00

Link: CVE-2022-38704

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-09-23T19:15:14.597

Modified: 2022-09-26T15:18:47.320

Link: CVE-2022-38704

JSON object: View

Redhat Information

No data.

CWE

CWE-352

{"containers": {"cna": {"affected": [{"product": "SEO Redirection Plugin \u2013 301 Redirect Manager (WordPress plugin)", "vendor": "WP-buy", "versions": [{"lessThanOrEqual": "8.9", "status": "affected", "version": "<= 8.9", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Vulnerability discovered by Muhammad Daffa (Patchstack Alliance)"}], "datePublic": "2022-09-23T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in SEO Redirection plugin <= 8.9 at WordPress, leading to deletion of 404 errors and redirection history."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-23T18:32:54", "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://patchstack.com/database/vulnerability/seo-redirection/wordpress-seo-redirection-plugin-8-9-cross-site-request-forgery-csrf-vulnerability/_s_id=cve"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://wordpress.org/plugins/seo-redirection/#developers"}], "solutions": [{"lang": "en", "value": "Update to 9.1 or higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress SEO Redirection plugin <= 8.9 - Cross-Site Request Forgery (CSRF) vulnerability", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "audit@patchstack.com", "DATE_PUBLIC": "2022-09-23T09:49:00.000Z", "ID": "CVE-2022-38704", "STATE": "PUBLIC", "TITLE": "WordPress SEO Redirection plugin <= 8.9 - Cross-Site Request Forgery (CSRF) vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SEO Redirection Plugin \u2013 301 Redirect Manager (WordPress plugin)", "version": {"version_data": [{"version_affected": "<=", "version_name": "<= 8.9", "version_value": "8.9"}]}}]}, "vendor_name": "WP-buy"}]}}, "credit": [{"lang": "eng", "value": "Vulnerability discovered by Muhammad Daffa (Patchstack Alliance)"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-Site Request Forgery (CSRF) vulnerability in SEO Redirection plugin <= 8.9 at WordPress, leading to deletion of 404 errors and redirection history."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}]}, "references": {"reference_data": [{"name": "https://patchstack.com/database/vulnerability/seo-redirection/wordpress-seo-redirection-plugin-8-9-cross-site-request-forgery-csrf-vulnerability/_s_id=cve", "refsource": "CONFIRM", "url": "https://patchstack.com/database/vulnerability/seo-redirection/wordpress-seo-redirection-plugin-8-9-cross-site-request-forgery-csrf-vulnerability/_s_id=cve"}, {"name": "https://wordpress.org/plugins/seo-redirection/#developers", "refsource": "CONFIRM", "url": "https://wordpress.org/plugins/seo-redirection/#developers"}]}, "solution": [{"lang": "en", "value": "Update to 9.1 or higher version."}], "source": {"discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "assignerShortName": "Patchstack", "cveId": "CVE-2022-38704", "datePublished": "2022-09-23T00:00:00", "dateReserved": "2022-09-08T00:00:00", "dateUpdated": "2022-09-23T18:32:54", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:clogica:seo_redirection:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "577759A9-717D-47AE-A27E-3A5B79BB87D6", "versionEndIncluding": "8.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in SEO Redirection plugin <= 8.9 at WordPress, leading to deletion of 404 errors and redirection history."}, {"lang": "es", "value": "Una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) en el plugin SEO Redirection versiones anteriores a 8.9 incluy\u00e9ndola en WordPress, conllevando a una eliminaci\u00f3n de errores 404 y del historial de redireccionamiento.\n"}], "id": "CVE-2022-38704", "lastModified": "2022-09-26T15:18:47.320", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2022-09-23T19:15:14.597", "references": [{"source": "audit@patchstack.com", "tags": ["Broken Link"], "url": "https://patchstack.com/database/vulnerability/seo-redirection/wordpress-seo-redirection-plugin-8-9-cross-site-request-forgery-csrf-vulnerability/_s_id=cve"}, {"source": "audit@patchstack.com", "tags": ["Product"], "url": "https://wordpress.org/plugins/seo-redirection/#developers"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "audit@patchstack.com", "type": "Primary"}]}