Vulnerability Details CVE-2022-23976
Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to reset all data (posts / pages / media).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.9%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 5.8
References
- https://patchstack.com/database/vulnerability/access-demo-importer/wordpress-access-demo-importer-plugin-1-0-7-cross-site-request-forgery-csrf-vulnerability-leading-to-data-reset-posts-pages-media
- https://wordpress.org/plugins/access-demo-importer/#developers
- https://patchstack.com/database/vulnerability/access-demo-importer/wordpress-access-demo-importer-plugin-1-0-7-cross-site-request-forgery-csrf-vulnerability-leading-to-data-reset-posts-pages-media
- https://wordpress.org/plugins/access-demo-importer/#developers
Products affected by CVE-2022-23976
-
cpe:2.3:a:accesspressthemes:access_demo_importer:-
-
cpe:2.3:a:accesspressthemes:access_demo_importer:1.0.0
-
cpe:2.3:a:accesspressthemes:access_demo_importer:1.0.1
-
cpe:2.3:a:accesspressthemes:access_demo_importer:1.0.2
-
cpe:2.3:a:accesspressthemes:access_demo_importer:1.0.3
-
cpe:2.3:a:accesspressthemes:access_demo_importer:1.0.4
-
cpe:2.3:a:accesspressthemes:access_demo_importer:1.0.5
-
cpe:2.3:a:accesspressthemes:access_demo_importer:1.0.6
-
cpe:2.3:a:accesspressthemes:access_demo_importer:1.0.7