CVE-2022-30337
WordPress WP Meta SEO plugin <= 4.4.8 - Social Settings Update vis Cross-Site Request Forgery (CSRF) vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Cross-Site Request Forgery (CSRF) vulnerability in JoomUnited WP Meta SEO plugin <= 4.4.8 at WordPress allows an attacker to update the social settings.
Una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) en el plugin JoomUnited WP Meta SEO versiones anteriores a 4.4.8 incluyéndola en WordPress, permite a un atacante actualizar la configuración social
The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.8. This is due to incorrect nonce validation which only verifies the presence of a nonce value rather than the on the validity of the nonce on a couple of cases in the loadPage() function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-06-08 CVE Reserved
- 2022-06-22 CVE Published
- 2024-02-08 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://wordpress.org/plugins/wp-meta-seo/#developers | Release Notes |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://patchstack.com/database/vulnerability/wp-meta-seo/wordpress-wp-meta-seo-plugin-4-4-8-social-settings-update-vis-cross-site-request-forgery-csrf-vulnerability | 2022-07-25 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Joomunited Search vendor "Joomunited" | Wp Meta Seo Search vendor "Joomunited" for product "Wp Meta Seo" | < 4.4.9 Search vendor "Joomunited" for product "Wp Meta Seo" and version " < 4.4.9" | wordpress |
Affected
|