Search criteria
1 vulnerability by rotating_posts_project
CVE-2022-1847 (GCVE-0-2022-1847)
Vulnerability from cvelistv5 ā Published: 2022-06-27 08:58 ā Updated: 2024-08-03 00:17
VLAI
Title
Rotating Posts <= 1.11 - Arbitrary Settings Update to Stored XSS via CSRF
Summary
The Rotating Posts WordPress plugin through 1.11 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Severity
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/d34ed713-4cca-4cā¦ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Rotating Posts |
Affected:
1.11 , ā¤ 1.11
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:17:00.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/d34ed713-4cca-4cef-b431-f132f1b10aa6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rotating Posts",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "1.11",
"status": "affected",
"version": "1.11",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Daniel Ruf"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Rotating Posts WordPress plugin through 1.11 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-27T08:58:08.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/d34ed713-4cca-4cef-b431-f132f1b10aa6"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Rotating Posts \u003c= 1.11 - Arbitrary Settings Update to Stored XSS via CSRF",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1847",
"STATE": "PUBLIC",
"TITLE": "Rotating Posts \u003c= 1.11 - Arbitrary Settings Update to Stored XSS via CSRF"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rotating Posts",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.11",
"version_value": "1.11"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Daniel Ruf"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Rotating Posts WordPress plugin through 1.11 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/d34ed713-4cca-4cef-b431-f132f1b10aa6",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/d34ed713-4cca-4cef-b431-f132f1b10aa6"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1847",
"datePublished": "2022-06-27T08:58:09.000Z",
"dateReserved": "2022-05-24T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:17:00.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}