Calendar Event Multi View Plugin on WordPress cross-site request forgery

A vulnerability classified as problematic has been found in Calendar Event Multi View Plugin on WordPress. Affected is unknown code of the file /wp/?cpmvc_id=1&cpmvc_do_action=mvparse&f=datafeed&calid=1&month_index=1&method=adddetails&id=2. The manipulation leads to cross-site request forgery. Using CWE to declare the problem leads to CWE-352. The weakness was disclosed 08/16/2022 by Mostafa Farzaneh. The advisory is shared for download at vuldb.com. This vulnerability is known as CVE-2022-2846. The attack can be launched remotely. Technical details are available. Furthermore, an exploit is available. The exploit has been disclosed to the public and may be used. The current price for an exploit might be approx. USD $0-$5k. It is declared as proof-of-concept. The exploit is available for download at exploit-db.com. As a 0-day, the price was estimated at $0-$5k.

5 Changes · 72 Data points

| Field | Created 08/16/2022 15:58 | Update 1/4 09/17/2022 08:00 | Update 2/4 10/20/2024 18:00 | Update 3/4 04/15/2025 16:43 | Update 4/4 04/30/2025 03:30 |
|---|---|---|---|---|---|
| software_name | Calendar Event Multi View Plugin | Calendar Event Multi View Plugin | Calendar Event Multi View Plugin | Calendar Event Multi View Plugin | Calendar Event Multi View Plugin |
| software_platform | WordPress | WordPress | WordPress | WordPress | WordPress |
| software_file | /wp/?cpmvc_id=1&cpmvc_do_action=mvparse&f=datafeed&calid=1&month_index=1&method=adddetails&id=2 | /wp/?cpmvc_id=1&cpmvc_do_action=mvparse&f=datafeed&calid=1&month_index=1&method=adddetails&id=2 | /wp/?cpmvc_id=1&cpmvc_do_action=mvparse&f=datafeed&calid=1&month_index=1&method=adddetails&id=2 | /wp/?cpmvc_id=1&cpmvc_do_action=mvparse&f=datafeed&calid=1&month_index=1&method=adddetails&id=2 | /wp/?cpmvc_id=1&cpmvc_do_action=mvparse&f=datafeed&calid=1&month_index=1&method=adddetails&id=2 |
| vulnerability_cwe | CWE-352 (cross-site request forgery) | CWE-352 (cross-site request forgery) | CWE-352 (cross-site request forgery) | CWE-352 (cross-site request forgery) | CWE-352 (cross-site request forgery) |
| vulnerability_risk | 1 | 1 | 1 | 1 | 1 |
| cvss3_vuldb_av | N | N | N | N | N |
| cvss3_vuldb_ac | L | L | L | L | L |
| cvss3_vuldb_pr | N | N | N | N | N |
| cvss3_vuldb_ui | R | R | R | R | R |
| cvss3_vuldb_s | U | U | U | U | U |
| cvss3_vuldb_c | N | N | N | N | N |
| cvss3_vuldb_i | L | L | L | L | L |
| cvss3_vuldb_a | N | N | N | N | N |
| cvss3_vuldb_e | P | P | P | P | P |
| cvss3_vuldb_rc | R | R | R | R | R |
| person_name | Mostafa Farzaneh | Mostafa Farzaneh | Mostafa Farzaneh | Mostafa Farzaneh | Mostafa Farzaneh |
| exploit_availability | 1 | 1 | 1 | 1 | 1 |
| source_cve | CVE-2022-2846 | CVE-2022-2846 | CVE-2022-2846 | CVE-2022-2846 | CVE-2022-2846 |
| cna_responsible | VulDB | VulDB | VulDB | VulDB | VulDB |
| advisory_date | 1660600800 (08/16/2022) | 1660600800 (08/16/2022) | 1660600800 (08/16/2022) | 1660600800 (08/16/2022) | 1660600800 (08/16/2022) |
| software_type | Calendar Software | Calendar Software | Calendar Software | Calendar Software | Calendar Software |
| cvss2_vuldb_av | N | N | N | N | N |
| cvss2_vuldb_ac | L | L | L | L | L |
| cvss2_vuldb_au | N | N | N | N | N |
| cvss2_vuldb_ci | N | N | N | N | N |
| cvss2_vuldb_ii | P | P | P | P | P |
| cvss2_vuldb_ai | N | N | N | N | N |
| cvss2_vuldb_e | POC | POC | POC | POC | POC |
| cvss2_vuldb_rc | UR | UR | UR | UR | UR |
| cvss2_vuldb_rl | ND | ND | ND | ND | ND |
| cvss3_vuldb_rl | X | X | X | X | X |
| cvss2_vuldb_basescore | 5.0 | 5.0 | 5.0 | 5.0 | 5.0 |
| cvss2_vuldb_tempscore | 4.3 | 4.3 | 4.3 | 4.3 | 4.3 |
| cvss3_vuldb_basescore | 4.3 | 4.3 | 4.3 | 4.3 | 4.3 |
| cvss3_vuldb_tempscore | 3.9 | 3.9 | 3.9 | 3.9 | 3.9 |
| cvss3_meta_basescore | 4.3 | 4.3 | 4.3 | 4.3 | 4.3 |
| cvss3_meta_tempscore | 3.9 | 3.9 | 3.9 | 4.1 | 4.1 |
| price_0day | $0-$5k | $0-$5k | $0-$5k | $0-$5k | $0-$5k |
| advisory_url | | https://vuldb.com/?id.206488 | https://vuldb.com/?id.206488 | https://vuldb.com/?id.206488 | https://vuldb.com/?id.206488 |
| cve_assigned | | 1660600800 (08/16/2022) | 1660600800 (08/16/2022) | 1660600800 (08/16/2022) | 1660600800 (08/16/2022) |
| cve_nvd_summary | | A vulnerability classified as problematic was found in Calendar Event Multi View Plugin. This vulnerability affects unknown code of the file /wp/?cpmvc_id=1&cpmvc_do_action=mvparse&f=datafeed&calid=1&month_index=1&method=adddetails&id=2. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The identifier of this vulnerability is VDB-206488. | A vulnerability classified as problematic was found in Calendar Event Multi View Plugin. This vulnerability affects unknown code of the file /wp/?cpmvc_id=1&cpmvc_do_action=mvparse&f=datafeed&calid=1&month_index=1&method=adddetails&id=2. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The identifier of this vulnerability is VDB-206488. | A vulnerability classified as problematic was found in Calendar Event Multi View Plugin. This vulnerability affects unknown code of the file /wp/?cpmvc_id=1&cpmvc_do_action=mvparse&f=datafeed&calid=1&month_index=1&method=adddetails&id=2. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The identifier of this vulnerability is VDB-206488. | A vulnerability classified as problematic was found in Calendar Event Multi View Plugin. This vulnerability affects unknown code of the file /wp/?cpmvc_id=1&cpmvc_do_action=mvparse&f=datafeed&calid=1&month_index=1&method=adddetails&id=2. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The identifier of this vulnerability is VDB-206488. |
| exploit_url | | | https://www.exploit-db.com/exploits/51241 | https://www.exploit-db.com/exploits/51241 | https://www.exploit-db.com/exploits/51241 |
| source_exploitdb | | | 51241 | 51241 | 51241 |
| exploit_publicity | | | 1 | 1 | 1 |
| cvss4_vuldb_e | | | P | P | P |
| cvss4_vuldb_av | | | N | N | N |
| cvss4_vuldb_ac | | | L | L | L |
| cvss4_vuldb_pr | | | N | N | N |
| cvss4_vuldb_vc | | | N | N | N |
| cvss4_vuldb_vi | | | L | L | L |
| cvss4_vuldb_va | | | N | N | N |
| cvss4_vuldb_at | | | N | N | N |
| cvss4_vuldb_ui | | | N | N | P |
| cvss4_vuldb_sc | | | N | N | N |
| cvss4_vuldb_si | | | N | N | N |
| cvss4_vuldb_sa | | | N | N | N |
| cvss4_vuldb_bscore | | | 6.9 | 6.9 | 5.3 |
| cvss4_vuldb_btscore | | | 5.5 | 5.5 | 2.1 |
| cve_nvd_summaryes | | | | The Calendar Event Multi View WordPress plugin before version 1.4.07 does not have authorization and CSRF checks when an event is created, and also lacks sanitization as well as escaping in some of the event fields. This could allow unauthenticated attackers to create arbitrary events and put Cross-Site Scripting payloads in it. | The Calendar Event Multi View WordPress plugin before version 1.4.07 does not have authorization and CSRF checks when an event is created, and also lacks sanitization as well as escaping in some of the event fields. This could allow unauthenticated attackers to create arbitrary events and put Cross-Site Scripting payloads in it. |
| cvss3_nvd_av | | | | N | N |
| cvss3_nvd_ac | | | | L | L |
| cvss3_nvd_pr | | | | N | N |
| cvss3_nvd_ui | | | | R | R |
| cvss3_nvd_s | | | | U | U |
| cvss3_nvd_c | | | | N | N |
| cvss3_nvd_i | | | | L | L |
| cvss3_nvd_a | | | | N | N |
| cvss3_nvd_basescore | | | | 4.3 | 4.3 |
