CVE-2022-0770

CWE-352Cross-Site Request Forgery (CSRF)3 documents3 sources
Severity
8.8HIGH
EPSS
0.3%
top 46.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unknown Translate Wordpress With GtranslateGtranslate Translate Wordpress With Gtranslate
Timeline
PublishedMar 28
Latest updateMar 29

Description

The Translate WordPress with GTranslate WordPress plugin before 2.9.9 does not have CSRF check in some files, and write debug data such as user's cookies in a publicly accessible file if a specific parameter is used when requesting them. Combining those two issues, an attacker could gain access to a logged in admin cookies by making them open a malicious link or page

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-pgcx-vfvx-q6c9: The Translate WordPress with GTranslate WordPress plugin before 22022-03-29
CVEList
Translate WordPress with GTranslate < 2.9.9 - CSRF to Account Takeover2022-03-28