CVE-2022-3677

The Advanced Import WordPress plugin before 1.3.8 does not have CSRF check when installing and activating plugins, which could allow attackers to make a logged in admin install arbitrary plugins from WordPress.org, and activate arbitrary ones from the blog via CSRF attacks
References
Configurations

Configuration 1

cpe:2.3:a:addonspress:advanced_import:*:*:*:*:*:wordpress:*:*

Information

Published : 2022-12-05 05:15

Updated : 2022-12-06 05:42


NVD link : CVE-2022-3677

Mitre link : CVE-2022-3677

Products Affected
No products.
CWE