Webmaster Tools Verification <= 1.2 - Unauthenticated Arbitrary Plugin Deactivation
CVE-2022-3538

6.5MEDIUM

Key Information:

Vendor

Wordpress
Status
Webmaster Tools Verification
Vendor
CVE Published:
14 November 2022

What is CVE-2022-3538?

The Webmaster Tools Verification WordPress plugin through 1.2 does not have authorisation and CSRF checks when disabling plugins, allowing unauthenticated users to disable arbitrary plugins

Affected Version(s)

Webmaster Tools Verification 1.2

References

https://wpscan.com/vulnerability/337ee7ed-9ade-4567-b976-...

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Daniel Ruf
.