CVE-2022-3097

EUVD-2022-42526
The Plugin LBstopattack WordPress plugin before 1.1.3 does not use nonces when saving its settings, making it possible for attackers to conduct CSRF attacks. This could allow attackers to disable the plugin's protections.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CISA-ADPADP
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
Affected Products (NVD)
VendorProductVersion
laubrotellbstopattack
𝑥
≤ 1.1.2
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/9ebb8318-ebaf-4de7-b337-c91327685a43
https://wpscan.com/vulnerability/9ebb8318-ebaf-4de7-b337-c91327685a43