CVE-2022-1967

The WP Championship WordPress plugin before 9.3 is lacking CSRF checks in various places, allowing attackers to make a logged in admin perform unwanted actions, such as create and delete arbitrary teams as well as update the plugin's settings. Due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues
Configurations

Configuration 1 (hide)

cpe:2.3:a:wp-championship_project:wp-championship:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 06:41

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/02d25736-c796-49bd-b774-66e0e3fcf4c9 - Exploit, Third Party Advisory () https://wpscan.com/vulnerability/02d25736-c796-49bd-b774-66e0e3fcf4c9 - Exploit, Third Party Advisory

12 Jul 2022, 18:32

Type Values Removed Values Added
References (MISC) https://wpscan.com/vulnerability/02d25736-c796-49bd-b774-66e0e3fcf4c9 - (MISC) https://wpscan.com/vulnerability/02d25736-c796-49bd-b774-66e0e3fcf4c9 - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 4.3
v3 : 6.5
CPE cpe:2.3:a:wp-championship_project:wp-championship:*:*:*:*:*:wordpress:*:*

04 Jul 2022, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-07-04 13:15

Updated : 2024-11-21 06:41


NVD link : CVE-2022-1967

Mitre link : CVE-2022-1967

CVE.ORG link : CVE-2022-1967


JSON object : View

Products Affected

wp-championship_project

  • wp-championship
CWE
CWE-352

Cross-Site Request Forgery (CSRF)