WordPress WP-Advanced-Search Plugin <= 3.3.8 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2022-47447

8.8HIGH

Key Information:

Vendor: Wordpress
Status: WordPress WP-advanced-search
Vendor: CVE Published:; 24 May 2023

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in the WP-Advanced-Search plugin for WordPress, affecting versions up to 3.3.8. This vulnerability could allow an attacker to trick an authenticated user into performing unintended actions on their WordPress site without their knowledge. It is crucial for users of the plugin to ensure they are running the latest version, as failure to mitigate this vulnerability may lead to unauthorized actions within their WordPress environment.

Affected Version(s)

WordPress WP-Advanced-Search <= 3.3.8

References

https://patchstack.com/database/vulnerability/wp-advanced...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 24, 2023
Vulnerability Reserved
Dec 15, 2022

Credit

rezaduty (Patchstack Alliance)