Vulnerability Details CVE-2022-1895
The underConstruction WordPress plugin before 1.20 does not have CSRF check in place when deactivating the construction mode, which could allow attackers to make a logged in admin perform such action via a CSRF attack
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.6%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 4.3
References
Products affected by CVE-2022-1895
-
cpe:2.3:a:underconstruction_project:underconstruction:-
-
cpe:2.3:a:underconstruction_project:underconstruction:1.0
-
cpe:2.3:a:underconstruction_project:underconstruction:1.01
-
cpe:2.3:a:underconstruction_project:underconstruction:1.02
-
cpe:2.3:a:underconstruction_project:underconstruction:1.03
-
cpe:2.3:a:underconstruction_project:underconstruction:1.04
-
cpe:2.3:a:underconstruction_project:underconstruction:1.05
-
cpe:2.3:a:underconstruction_project:underconstruction:1.06
-
cpe:2.3:a:underconstruction_project:underconstruction:1.07
-
cpe:2.3:a:underconstruction_project:underconstruction:1.08
-
cpe:2.3:a:underconstruction_project:underconstruction:1.09
-
cpe:2.3:a:underconstruction_project:underconstruction:1.10
-
cpe:2.3:a:underconstruction_project:underconstruction:1.11
-
cpe:2.3:a:underconstruction_project:underconstruction:1.12
-
cpe:2.3:a:underconstruction_project:underconstruction:1.13
-
cpe:2.3:a:underconstruction_project:underconstruction:1.14
-
cpe:2.3:a:underconstruction_project:underconstruction:1.15
-
cpe:2.3:a:underconstruction_project:underconstruction:1.17
-
cpe:2.3:a:underconstruction_project:underconstruction:1.18
-
cpe:2.3:a:underconstruction_project:underconstruction:1.19