Vulnerability Details CVE-2022-1630
The WP-EMail WordPress plugin before 2.69.0 does not protect its log deletion functionality with nonce checks, allowing attacker to make a logged in admin delete logs via a CSRF attack
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 33.1%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
References
Products affected by CVE-2022-1630
-
cpe:2.3:a:wp-email_project:wp-email:-
-
cpe:2.3:a:wp-email_project:wp-email:2.63
-
cpe:2.3:a:wp-email_project:wp-email:2.64
-
cpe:2.3:a:wp-email_project:wp-email:2.65
-
cpe:2.3:a:wp-email_project:wp-email:2.66
-
cpe:2.3:a:wp-email_project:wp-email:2.67
-
cpe:2.3:a:wp-email_project:wp-email:2.67.1
-
cpe:2.3:a:wp-email_project:wp-email:2.67.2
-
cpe:2.3:a:wp-email_project:wp-email:2.67.3
-
cpe:2.3:a:wp-email_project:wp-email:2.67.4
-
cpe:2.3:a:wp-email_project:wp-email:2.67.5
-
cpe:2.3:a:wp-email_project:wp-email:2.67.6
-
cpe:2.3:a:wp-email_project:wp-email:2.68.0
-
cpe:2.3:a:wp-email_project:wp-email:2.68.1
-
cpe:2.3:a:wp-email_project:wp-email:2.68.2