CVE-2022-3538

The Webmaster Tools Verification WordPress plugin through 1.2 does not have authorisation and CSRF checks when disabling plugins, allowing unauthenticated users to disable arbitrary plugins
Configurations

Configuration 1 (hide)

cpe:2.3:a:webmaster_tools_verification_project:webmaster_tools_verification:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 07:19

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/337ee7ed-9ade-4567-b976-88386cbcf036 - Exploit, Third Party Advisory () https://wpscan.com/vulnerability/337ee7ed-9ade-4567-b976-88386cbcf036 - Exploit, Third Party Advisory

21 Jul 2023, 21:05

Type Values Removed Values Added
New CVE

Information

Published : 2022-11-14 15:15

Updated : 2024-11-21 07:19


NVD link : CVE-2022-3538

Mitre link : CVE-2022-3538

CVE.ORG link : CVE-2022-3538


JSON object : View

Products Affected

webmaster_tools_verification_project

  • webmaster_tools_verification
CWE
CWE-352

Cross-Site Request Forgery (CSRF)

CWE-862

Missing Authorization