CVE-2022-4426

Sažetak

The Mautic Integration for WooCommerce WordPress plugin before 1.0.3 does not have proper CSRF check when updating settings, and does not ensure that the options to be updated belong to the plugin, allowing attackers to make a logged in admin change arbitrary blog options via a CSRF attack.

Reference

https://wpscan.com/vulnerability/7d3d6b9c-d1c1-4e23-b891-7c72e4e89c38
https://wpscan.com/vulnerability/7d3d6b9c-d1c1-4e23-b891-7c72e4e89c38

CVSS

Base:	4.3
Impact:	1.4
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Zadnje važnije ažuriranje

09-04-2025 - 19:15

Objavljeno

09-01-2023 - 23:15