CVE-2022-1758

Genki Pre-Publish Reminder <= 1.4.1 - Stored XSS & RCE via CSRF

EPSS 0.6%CWE-352

Vexday Risk Score

3Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS —EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

13 jun 2022Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

The Genki Pre-Publish Reminder WordPress plugin through 1.4.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS as well as RCE when custom code is added via the plugin settings.

Productos afectados

Unknown · Genki Pre-Publish Reminder

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://wpscan.com/vulnerability/211816ce-d2bc-469b-9a8e-e0c2a5c4461b