← volver
CVE-2022-3097

LBStopAttack < 1.1.3 - Arbitrary Settings Update via CSRF

CVSS 6.5 MEDIUMEPSS 0.3%
The Plugin LBstopattack WordPress plugin before 1.1.3 does not use nonces when saving its settings, making it possible for attackers to conduct CSRF attacks. This could allow attackers to disable the plugin's protections.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Productos afectados
Unknown · Plugin LBstopattack

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://wpscan.com/vulnerability/9ebb8318-ebaf-4de7-b337-c91327685a43