CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-3677

The Advanced Import WordPress plugin before 1.3.8 does not have CSRF check when installing and activating plugins, which could allow attackers to make a logged in admin install arbitrary plugins from WordPress.org, and activate arbitrary ones from the blog via CSRF attacks

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 46.0%

CVSS Severity

CVSS v3 Score 6.5

References

https://wpscan.com/vulnerability/5a7c6367-a3e6-4411-8865-2a9dbc9f1450
https://wpscan.com/vulnerability/5a7c6367-a3e6-4411-8865-2a9dbc9f1450

Products affected by CVE-2022-3677

Addonspress » Advanced Import » Version: Any

cpe:2.3:a:addonspress:advanced_import:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-3677

Products

Pricing

Contact Us