CVE-2022-3336

The Event Monster WordPress plugin before 1.2.0 does not have CSRF check when deleting visitors, which could allow attackers to make logged in admin delete arbitrary visitors via a CSRF attack

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://wpscan.com/vulnerability/57bc6633-1aeb-4c20-a2a5-9b3fa10ba95d	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:awplife:event_monster:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2022-11-21 11:15

Updated : 2023-11-07 03:51

NVD link : CVE-2022-3336

Mitre link : CVE-2022-3336

CVE.ORG link : CVE-2022-3336

JSON object : View

Products Affected

awplife

event_monster

CWE

No CWE.

4.3 /10