Lucene search

PatchstackCVE-2022-36358

HistoryAug 25, 2022 - 6:15 p.m.

CVE-2022-36358

2022-08-2518:15:10

CWE-352

Patchstack

web.nvd.nist.gov

cve-2022-36358

cross-site request forgery

csrf

seo scout

wordpress

vulnerability

nvd

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

AI Score

4.6

Confidence

High

EPSS

0.001

Percentile

20.8%

JSON

Cross-Site Request Forgery (CSRF) vulnerability in SEO Scout plugin <= 0.9.83 at WordPress allows attackers to trick users with administrative rights to unintentionally change the plugin settings.

Affected configurations

Nvd

Vulners

Node

seoscoutseo_scoutRange≤0.9.83wordpress

VendorProductVersionCPE
seoscoutseo_scout*cpe:2.3:a:seoscout:seo_scout:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
seoscout	seo_scout	*	cpe:2.3:a:seoscout:seo_scout::::::wordpress::*

CNA Affected

[
  {
    "product": "SEO Scout",
    "vendor": "SEO Scout",
    "versions": [
      {
        "lessThanOrEqual": "0.9.83",
        "status": "affected",
        "version": "<= 0.9.83",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/ab-rankings-testing-tool/wordpress-seo-scout-plugin-0-9-83-cross-site-request-forgery-csrf-vulnerability

wordpress.org/plugins/ab-rankings-testing-tool/

Social References

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

AI Score

4.6

Confidence

High

EPSS

0.001

Percentile

20.8%

JSON

Related for CVE-2022-36358