CVE-2022-1967
CVE-2022-1967 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. The WP Championship WordPress plugin before 9.3 is lacking CSRF checks in various places, allowing attackers to make a logged-in admin perform unwanted actions, such as creating and deleting arbitrary teams as well as updating the plugin's settings. Due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues. EPSS estimates a 0.45% chance of exploitation in the next 30 days.
Description
The WP Championship WordPress plugin before 9.3 is lacking CSRF checks in various places, allowing attackers to make a logged-in admin perform unwanted actions, such as creating and deleting arbitrary teams as well as updating the plugin's settings. Due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Wp-Championship Project | Wp-Championship | < 9.3 |
References
- https://wpscan.com/vulnerability/02d25736-c796-49bd-b774-66e0e3fcf4c9 (Exploit, Third Party Advisory)
Source: NVD / NIST
