CVE-2022-2144

State: PUBLISHED · Published: 2022-07-17 · Updated: 2024-08-03 · Assigner: WPScan

Description

The Jquery Validation For Contact Form 7 WordPress plugin before 5.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change Blog options like default_role, users_can_register via a CSRF attack

CWE

CWE-352 — CWE-352 Cross-Site Request Forgery (CSRF)

Affected

Unknown / Jquery Validation For Contact Form 7 — v=5.3 <5.3 [affected]

CVSS

(none)

References

https://wpscan.com/vulnerability/419054d4-95e8-4f4a-b864-a98b3e18435a x_refsource_MISC

Source

cvelistV5-main/cves/2022/2xxx/CVE-2022-2144.json