Vulnerabilities > CVE-2022-3677 - Unspecified vulnerability in Addonspress Advanced Import

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

addonspress

NVD

Published: 2022-12-05

Updated: 2023-11-07

Summary

The Advanced Import WordPress plugin before 1.3.8 does not have CSRF check when installing and activating plugins, which could allow attackers to make a logged in admin install arbitrary plugins from WordPress.org, and activate arbitrary ones from the blog via CSRF attacks

Vulnerable Configurations

Part	Description	Count
Application	Addonspress Addonspress Advanced Import *	1

References

https://wpscan.com/vulnerability/5a7c6367-a3e6-4411-8865-2a9dbc9f1450