CVE-2022-2260

The GiveWP WordPress plugin before 2.21.3 does not have CSRF in place when exporting data, and does not validate the exporting parameters such as dates, which could allow attackers to make a logged in admin DoS the web server via a CSRF attack as the plugin will try to retrieve data from the database many times which leads to overwhelm the target's CPU.
Configurations

Configuration 1 (hide)

cpe:2.3:a:givewp:givewp:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 07:00

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/831b3afa-8fa3-4cb7-8374-36d0c368292f - Exploit, Third Party Advisory () https://wpscan.com/vulnerability/831b3afa-8fa3-4cb7-8374-36d0c368292f - Exploit, Third Party Advisory

05 Aug 2022, 21:46

Type Values Removed Values Added
CPE cpe:2.3:a:givewp:givewp:*:*:*:*:*:wordpress:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5
References (MISC) https://wpscan.com/vulnerability/831b3afa-8fa3-4cb7-8374-36d0c368292f - (MISC) https://wpscan.com/vulnerability/831b3afa-8fa3-4cb7-8374-36d0c368292f - Exploit, Third Party Advisory

01 Aug 2022, 13:39

Type Values Removed Values Added
New CVE

Information

Published : 2022-08-01 13:15

Updated : 2024-11-21 07:00


NVD link : CVE-2022-2260

Mitre link : CVE-2022-2260

CVE.ORG link : CVE-2022-2260


JSON object : View

Products Affected

givewp

  • givewp
CWE
CWE-352

Cross-Site Request Forgery (CSRF)