CVE-2022-3208

CWE-352Cross-Site Request Forgery (CSRF)3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.2%
top 58.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unknown Simple File ListSimplefilelist Simple-file-list
Timeline
PublishedOct 10
Latest updateOct 11

Description

The Simple File List WordPress plugin before 4.4.12 does not implement nonce checks, which could allow attackers to make a logged in admin create new page and change it's content via a CSRF attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5unknown/simple_file_list4.4.124.4.12

🔴Vulnerability Details

2
GHSA
GHSA-8vqq-c5g5-395p: The Simple File List WordPress plugin before 42022-10-11
CVEList
Simple File List < 4.4.13 - Page Creation via CSRF2022-10-10
CVE-2022-3208 (MEDIUM CVSS 6.5) | The Simple File List WordPress plug | cvebase.io