Search criteria
1 vulnerability by bulk_page_creator_project
CVE-2022-1611 (GCVE-0-2022-1611)
Vulnerability from cvelistv5 – Published: 2022-05-30 08:36 – Updated: 2024-08-03 00:10
VLAI
Title
Bulk Page Creator < 1.1.4 - Arbitrary Page Creation via CSRF
Summary
The Bulk Page Creator WordPress plugin before 1.1.4 does not protect its page creation functionalities with nonce checks, which makes them vulnerable to CSRF.
Severity
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/3843b867-7784-49… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Bulk Page Creator |
Affected:
1.1.4 , < 1.1.4
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.748Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/3843b867-7784-4976-b5ab-8a1e7d45618a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Bulk Page Creator",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.1.4",
"status": "affected",
"version": "1.1.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Daniel Ruf"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Bulk Page Creator WordPress plugin before 1.1.4 does not protect its page creation functionalities with nonce checks, which makes them vulnerable to CSRF."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-30T08:36:06.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/3843b867-7784-4976-b5ab-8a1e7d45618a"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Bulk Page Creator \u003c 1.1.4 - Arbitrary Page Creation via CSRF",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1611",
"STATE": "PUBLIC",
"TITLE": "Bulk Page Creator \u003c 1.1.4 - Arbitrary Page Creation via CSRF"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Bulk Page Creator",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.1.4",
"version_value": "1.1.4"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Daniel Ruf"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Bulk Page Creator WordPress plugin before 1.1.4 does not protect its page creation functionalities with nonce checks, which makes them vulnerable to CSRF."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/3843b867-7784-4976-b5ab-8a1e7d45618a",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/3843b867-7784-4976-b5ab-8a1e7d45618a"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1611",
"datePublished": "2022-05-30T08:36:06.000Z",
"dateReserved": "2022-05-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:10:03.748Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}