CVE-2022-1895
Published 2022-06-20
Priority P4 · 16 · medium · 4.3 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:R / S:U / C:N / I:L / A:N
EPSS: 0.41% (32.9th percentile)
The underConstruction WordPress plugin before 1.20 does not have a CSRF check in place when deactivating the construction mode, which could allow attackers to make a logged-in admin perform such an action via a CSRF attack.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| underconstruction_project | underconstruction | < 1.20 | 1.20 |
CVSS provenance
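| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vendor_redhat | | 7.8 | HIGH | |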
GHSA
GHSA-jccv-rx29-7277: The underConstruction WordPress plugin before 1
ghsa_unreviewed·2022-06-21
CVE-2022-1895 [MEDIUM] CWE-352 GHSA-jccv-rx29-7277: The underConstruction WordPress plugin before 1
Red Hat
kernel: drm/msm: don't free the IRQ if it was not requested
vendor_redhat·2025-02-26·CVSS 5.5
CVE-2022-49458 [MEDIUM] kernel: drm/msm: don't free the IRQ if it was not requested
In the Linux kernel, the following vulnerability has been resolved:
drm/msm: don't free the IRQ if it was not requested
As msm_drm_uninit() is called from the msm_drm_init() error path,
additional care should be necessary as not to call the free_irq() for
the IRQ that was not requested before (because an error occurred earlier
than the request_irq() call).
This fixed the issue reported with the following backtrace:
[ 8.571329] Trying to free already-free IRQ 187
[ 8.571339] WARNING: CPU: 0 PID: 76 at kernel/irq/manage.c:1895 free_irq+0x1e0/0x35c
[ 8.588746] Modules linked in: pmic_glink pdr_interface fastrpc qrtr_smd snd_soc_hdmi_codec msm fsa4480 gpu_sched drm_dp_aux_bus qrtr i2c_qcom_geni crct10dif_ce qcom_stats qcom_q6v5_pas dr
Red Hat
kernel: tty: goldfish: Fix free_irq() on remove
vendor_redhat·2025-02-26·CVSS 7.8
CVE-2022-49724 [HIGH] kernel: tty: goldfish: Fix free_irq() on remove
In the Linux kernel, the following vulnerability has been resolved:
tty: goldfish: Fix free_irq() on remove
Pass the correct dev_id to free_irq() to fix this splat when the driver
is unbound:
WARNING: CPU: 0 PID: 30 at kernel/irq/manage.c:1895 free_irq
Trying to free already-free IRQ 65
Call Trace:
warn_slowpath_fmt
free_irq
goldfish_tty_remove
platform_remove
device_remove
device_release_driver_internal
device_driver_detach
unbind_store
drv_attr_store
...
Package: kernel (Red Hat Enterprise Linux 10) - Not affected
Package: kernel (Red Hat Enterprise Linux 6) - Not affected
Package: kernel (Red Hat Enterprise Linux 7) - Not affected
Package: kernel-rt (Red Hat Enterprise Linux 7) - Not affected
Package: kernel (Red Hat Enterprise Linux
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.