CVE-2022-40131 — Cross-Site Request Forgery in Software Page View Count

CWE-352 — Cross-Site Request Forgery3 documents3 sources

Severity

4.3MEDIUMNVD

CNA5.4

EPSS

0.1%

top 73.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

A3rev Software Page View Count A3rev Page View Count

Timeline

PublishedNov 3

Latest updateNov 4

Description

Cross-Site Request Forgery (CSRF) vulnerability in a3rev Software Page View Count plugin <= 2.5.5 on WordPress allows an attacker to reset the plugin settings.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5a3rev_software/page_view_count2.5.5

▶NVDa3rev/page_view_count2.5.5

🔴Vulnerability Details

GHSA

GHSA-vfhp-wcj2-733h: Cross-Site Request Forgery (CSRF) vulnerability in a3rev Software Page View Count plugin <= 2↗2022-11-04

▶

CVEList

WordPress Page View Count plugin <= 2.5.5 - Cross-Site Request Forgery (CSRF) vulnerability↗2022-11-03

▶