CAPTCHA 4WP < 7.1.0 - Local File Inclusion via CSRF
CVE-2022-2184

8.8HIGH

Key Information:

Vendor: Wordpress
Status: Captcha 4WP
Vendor: CVE Published:; 1 August 2022

Summary

The CAPTCHA 4WP WordPress plugin before 7.1.0 lets user input reach a sensitive require_once call in one of its admin-side templates. This can be abused by attackers, via a Cross-Site Request Forgery attack to run arbitrary code on the server.

Affected Version(s)

CAPTCHA 4WP 7.1.0

References

https://wpscan.com/vulnerability/e777784f-5ba0-4966-be27-...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 1, 2022
Vulnerability Reserved
Jun 22, 2022

Credit

ZhongFu Su(JrXnm) of WuHan University