Vulnerabilities > CVE-2022-4443 - Unspecified vulnerability in Brutebank

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

brutebank

NVD

Published: 2023-01-23

Updated: 2023-11-07

Summary

The BruteBank WordPress plugin before 1.9 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

Vulnerable Configurations

Part	Description	Count
Application	Brutebank Brutebank Brutebank *	1

References

https://wpscan.com/vulnerability/1e621d62-13c7-4b2f-96ca-3617a796d037