CVE-2022-1572
Published 2022-06-27
Priority: P3 · 39 · high · 8.1 (CVSS 3.1)
Vector: AV:N / AC:L / PR:L / UI:N / S:U / C:N / I:H / A:H
EPSS: 0.53% (40.9th percentile)
The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks in an AJAX action that is available to any authenticated user, such as a subscriber, which could allow them to delete arbitrary files.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| html2wp_project | html2wp | <= 1.0.0 | — |
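CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
| nvd | v2.0 | 5.5 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:P |
| vendor_redhat | — | 5.5 | MEDIUM | — |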
GHSA
GHSA-c938-72w7-26mv: The HTML2WP WordPress plugin through 1
ghsa_unreviewed·2022-06-28
CVE-2022-1572 [HIGH] CWE-352 GHSA-c938-72w7-26mv: The HTML2WP WordPress plugin through 1
Red Hat
kernel: net, neigh: Do not trigger immediate probes on NUD_FAILED from neigh_managed_work
vendor_redhat·2024-06-20·CVSS 5.5
CVE-2022-48719 [MEDIUM] CWE-833 kernel: net, neigh: Do not trigger immediate probes on NUD_FAILED from neigh_managed_work
In the Linux kernel, the following vulnerability has been resolved:
net, neigh: Do not trigger immediate probes on NUD_FAILED from neigh_managed_work
syzkaller was able to trigger a deadlock for NTF_MANAGED entries [0]:
kworker/0:16/14617 is trying to acquire lock:
ffffffff8d4dd370 (&tbl->lock){++-.}-{2:2}, at: ___neigh_create+0x9e1/0x2990 net/core/neighbour.c:652
[...]
but task is already holding lock:
ffffffff8d4dd370 (&tbl->lock){++-.}-{2:2}, at: neigh_managed_work+0x35/0x250 net/core/neighbour.c:1572
The neighbor entry turned to NUD_FAILED state, where __neigh_event_send()
triggered an immediate probe as per commit cd28ca0a3dd1 ("neigh: reduce
arp latency") via neigh_probe() given table lock was
No detection rules found.
No public exploits indexed.