CVE-2022-0134

AnyComment < 0.2.18 - Arbitrary HyperComments Import/Revert via CSRF

EPSS 0.6% · CWE-352
Vexday Risk Score
3 · Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS · EPSS 0.6% · KEV no · PoC · Nuclei · Metasploit · Patch
Lifecycle
21 Feb 2022 · Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make a logged-in admin perform such actions via a CSRF attack.
Affected products
Unknown · AnyComment
