Lucene search
China National Vulnerability DatabaseCNVD-2022-05104HistoryJan 14, 2022 - 12:00 a.m.
WordPress Modal Window plugin cross-site request forgery vulnerability
2022-01-1400:00:00
China National Vulnerability Database
www.cnvd.org.cn
8
wordpress
modal window plugin
cross-site request forgery
vulnerability
php language
administration menu
arbitrary files
arbitrary code
security
EPSS
0.001
Percentile
48.4%
WordPress is the WordPress Foundation’s set of blogging platforms developed using the PHP language. The WordPress Modal Window plugin was vulnerable to cross-site request forgery prior to 5.2.2. The vulnerability stems from the plugin’s failure to effectively filter calls to remote file resources in the wow-company administration menu page, which can be exploited to include arbitrary files with PHP file with a PHP extension to execute arbitrary code.
Related
patchstack
patchstack
wpexploit
wpexploit
Modal Window < 5.2.2 - RFI leading to RCE via CSRF
2021-12-05 00:00:00
prion
prion
Cross site request forgery (csrf)
2022-01-10 16:15:00
cvelist
cvelist
CVE-2021-25051 Modal Window < 5.2.2 - RFI leading to RCE via CSRF
2022-01-10 15:30:35
cve
cve
CVE-2021-25051
2022-01-10 16:15:09
wpvulndb
wpvulndb
Modal Window < 5.2.2 - RFI leading to RCE via CSRF
2021-12-05 00:00:00
nvd
nvd
CVE-2021-25051
2022-01-10 16:15:09