Lucene search
WPScanCVE-2022-4443HistoryJan 23, 2023 - 3:15 p.m.
CVE-2022-4443
2023-01-2315:15:14
WPScan
web.nvd.nist.gov
30
brutebank
wordpress plugin
csrf
security vulnerability
update settings
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
34.5%
The BruteBank WordPress plugin before 1.9 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
Affected configurations
Node
brutebankbrutebankRange<1.9wordpress
CNA Affected
[
{
"vendor": "Unknown",
"product": "BruteBank",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "1.9"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
prion
prion
Cross site request forgery (csrf)
2023-01-23 15:15:00
wpvulndb
wpvulndb
BruteBank - WP Security & Firewall < 1.9 - Settings Update via CSRF
2022-12-28 00:00:00
nvd
nvd
CVE-2022-4443
2023-01-23 15:15:14
wpexploit
wpexploit
BruteBank - WP Security & Firewall < 1.9 - Settings Update via CSRF
2022-12-28 00:00:00
cvelist
cvelist
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
34.5%
Related for CVE-2022-4443