CVE-2022-0770
Translate WordPress with GTranslate < 2.9.9 - CSRF to Account Takeover
Vexday Risk Score
3Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS —EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
28 mar 2022Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
The Translate WordPress with GTranslate WordPress plugin before 2.9.9 does not have CSRF check in some files, and write debug data such as user's cookies in a publicly accessible file if a specific parameter is used when requesting them. Combining those two issues, an attacker could gain access to a logged in admin cookies by making them open a malicious link or page
Produtos afetados
Unknown · Translate WordPress with GTranslateQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →