Vulnerability Details CVE-2022-23975
Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to activate any installed plugin.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.6%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
References
- https://patchstack.com/database/vulnerability/access-demo-importer/wordpress-access-demo-importer-plugin-1-0-7-cross-site-request-forgery-csrf-vulnerability-leading-to-arbitrary-plugin-activation
- https://wordpress.org/plugins/access-demo-importer/#developers
- https://patchstack.com/database/vulnerability/access-demo-importer/wordpress-access-demo-importer-plugin-1-0-7-cross-site-request-forgery-csrf-vulnerability-leading-to-arbitrary-plugin-activation
- https://wordpress.org/plugins/access-demo-importer/#developers
Products affected by CVE-2022-23975
-
cpe:2.3:a:accesspressthemes:access_demo_importer:-
-
cpe:2.3:a:accesspressthemes:access_demo_importer:1.0.0
-
cpe:2.3:a:accesspressthemes:access_demo_importer:1.0.1
-
cpe:2.3:a:accesspressthemes:access_demo_importer:1.0.2
-
cpe:2.3:a:accesspressthemes:access_demo_importer:1.0.3
-
cpe:2.3:a:accesspressthemes:access_demo_importer:1.0.4
-
cpe:2.3:a:accesspressthemes:access_demo_importer:1.0.5
-
cpe:2.3:a:accesspressthemes:access_demo_importer:1.0.6
-
cpe:2.3:a:accesspressthemes:access_demo_importer:1.0.7