CVE-2022-1611

EUVD-2022-24900
The Bulk Page Creator WordPress plugin before 1.1.4 does not protect its page creation functionalities with nonce checks, which makes them vulnerable to CSRF.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
Affected Products (NVD)
VendorProductVersion
bulk_page_creator_projectbulk_page_creator
𝑥
< 1.1.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://wpscan.com/vulnerability/3843b867-7784-4976-b5ab-8a1e7d45618a
https://wpscan.com/vulnerability/3843b867-7784-4976-b5ab-8a1e7d45618a