CVE-2022-2912 - Server-Side Request Forgery (SSRF) vulnerability in Craw-Data Project Craw-Data

047910
CVSS 4.3 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: LOW
Availability impact: NONE
Tags: network, low complexity, craw-data-project, CWE-918

Summary

The Craw Data WordPress plugin through 1.0.0 does not implement nonce checks, which could allow attackers to make a logged-in admin change the url value, performing unwanted crawls on third-party sites (SSRF).

Vulnerable Configurations

Part         Description        Count
Application  Craw-Data_Project  1

Common Weakness Enumeration (CWE)