Lucene search
WPScanCVE-2022-3688HistoryNov 21, 2022 - 11:15 a.m.
CVE-2022-3688
2022-11-2111:15:20
WPScan
web.nvd.nist.gov
30
8
cve-2022-3688
nvd
wpqa builder
wordpress
csrf
security
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
8.7
Confidence
High
EPSS
0.002
Percentile
61.3%
The WPQA Builder WordPress plugin before 5.9 does not have CSRF check when following and unfollowing users, which could allow attackers to make logged in users perform such actions via CSRF attacks
Affected configurations
Node
2codewpqa_builderRange<5.9wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| 2code | wpqa_builder | * | cpe:2.3:a:2code:wpqa_builder:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "WPQA Builder",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "5.9"
}
],
"defaultStatus": "unaffected"
}
]Social References
More
Related
patchstack
patchstack
cvelist
cvelist
CVE-2022-3688 WPQA < 5.9 - Follow/Unfollow via CSRF
2022-11-21 00:00:00
cnvd
cnvd
WordPress WPQA Builder Cross-Site Request Forgery Vulnerability
2022-11-23 00:00:00
prion
prion
Cross site request forgery (csrf)
2022-11-21 11:15:00
nvd
nvd
CVE-2022-3688
2022-11-21 11:15:20
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
8.7
Confidence
High
EPSS
0.002
Percentile
61.3%
Related for CVE-2022-3688