CVE-2022-3677

State: PUBLISHED · Published: 2022-12-05 · Updated: 2025-04-24 · Assigner: WPScan

Description

The Advanced Import WordPress plugin before 1.3.8 does not have CSRF check when installing and activating plugins, which could allow attackers to make a logged in admin install arbitrary plugins from WordPress.org, and activate arbitrary ones from the blog via CSRF attacks

CWE

(none)

Affected

Unknown / Advanced Import : One Click Import for WordPress or Theme Demo Data — v=0 <1.3.8 [affected]

CVSS

(none)

References

https://wpscan.com/vulnerability/5a7c6367-a3e6-4411-8865-2a9dbc9f1450 exploit, vdb-entry, technical-description

Source

cvelistV5-main/cves/2022/3xxx/CVE-2022-3677.json