Vulnerability CVE-2022-3747


Published: 2022-11-29

Description:
The Becustom plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5.2. This is due to missing nonce validation when saving the plugin's settings. This makes it possible for unauthenticated attackers to update the plugin's settings, such as betheme_url_slug, replaced_theme_author, and betheme_label, via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.

In our database, we found the following notes for this CVE:
Title: WordPress BeTheme BeCustom 1.0.5.2 Cross Site Request Forgery (Low)
Author: Julien Ahrens
Date: 15.11.2022

References:
https://muffingroup.com/betheme/features/be-custom/
https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2022-3747.txt
https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-3747
