CVE-2022-0770

Translate WordPress with GTranslate < 2.9.9 - CSRF to Account Takeover

EPSS 0.6% | CWE-352
Vexday Risk Score
3 (Low)
SSVC Decision (CISA)
Track
No exploitation signal → monitor
CVSS | EPSS 0.6% | KEV no | PoC | Nuclei | Metasploit | Patch
Lifecycle
28 Mar 2022: Published in NVD
Recommendation: Monitor. No exploitation signal for now.
The Translate WordPress with GTranslate WordPress plugin before 2.9.9 does not have CSRF checks in some files, and writes debug data such as users' cookies to a publicly accessible file if a specific parameter is used when requesting them. Combining those two issues, an attacker could gain access to a logged-in admin's cookies by making them open a malicious link or page.
