CVE-2022-0770

State: PUBLISHED · Published: 2022-03-28 · Updated: 2024-08-02 · Assigner: WPScan

Description

The Translate WordPress with GTranslate WordPress plugin before 2.9.9 does not have CSRF check in some files, and write debug data such as user's cookies in a publicly accessible file if a specific parameter is used when requesting them. Combining those two issues, an attacker could gain access to a logged in admin cookies by making them open a malicious link or page

CWE

CWE-352 — CWE-352 Cross-Site Request Forgery (CSRF)

Affected

Unknown / Translate WordPress with GTranslate — v=2.9.9 <2.9.9 [affected]

CVSS

(none)

References

https://wpscan.com/vulnerability/49abe79c-ab1c-4dbf-824c-8daaac7e079d x_refsource_MISC

Source

cvelistV5-main/cves/2022/0xxx/CVE-2022-0770.json