Lucene search

WPScanCVELIST:CVE-2022-2245

HistoryAug 01, 2022 - 12:50 p.m.

CVE-2022-2245 Counter Box < 1.2.1 - Arbitrary Counter Activation/Deactivation via CSRF

2022-08-0112:50:45

CWE-352

WPScan

www.cve.org

cve-2022-2245

counter box

wordpress

csrf

activation

deactivation

admin

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

43.4%

JSON

The Counter Box WordPress plugin before 1.2.1 is lacking CSRF check when activating and deactivating counters, which could allow attackers to make a logged in admin perform such actions via CSRF attacks

CNA Affected

[
  {
    "product": "Counter Box – WordPress  plugin for countdown, timer, counter",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "1.2.1",
        "status": "affected",
        "version": "1.2.1",
        "versionType": "custom"
      }
    ]
  }
]

References

wpscan.com/vulnerability/33705003-1f82-4b0c-9b4b-d4de75da309c