CVE-2022-0770
Last modified
CVE-2022-0770 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. The Translate WordPress with GTranslate WordPress plugin before 2.9.9 does not have CSRF check in some files, and write debug data such as user's cookies in a publicly accessible file if a specific parameter is used when requesting them. Combining those two issues, an attacker could gain access to a logged in admin cookies by making them open a malicious link or page. EPSS estimates a 0.60% chance of exploitation in the next 30 days.
Description
The Translate WordPress with GTranslate WordPress plugin before 2.9.9 does not have CSRF check in some files, and write debug data such as user's cookies in a publicly accessible file if a specific parameter is used when requesting them. Combining those two issues, an attacker could gain access to a logged in admin cookies by making them open a malicious link or page
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Gtranslate | Translate Wordpress With Gtranslate | < 2.9.9 |
References
- https://wpscan.com/vulnerability/49abe79c-ab1c-4dbf-824c-8daaac7e079dExploit, Third Party Advisory
- https://wpscan.com/vulnerability/49abe79c-ab1c-4dbf-824c-8daaac7e079dExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-0770?
How severe is CVE-2022-0770?
How do I fix CVE-2022-0770?
Are you affected by CVE-2022-0770?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST