Webmaster Tools Verification <= 1.2 - Unauthenticated Arbitrary Plugin Deactivation
CVE-2022-3538
6.5MEDIUM
Summary
The Webmaster Tools Verification WordPress plugin through 1.2 does not have authorisation and CSRF checks when disabling plugins, allowing unauthenticated users to disable arbitrary plugins
Affected Version(s)
Webmaster Tools Verification 1.2
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Daniel Ruf