ByteOS Network

CVE Vulnerability Details :

CVE-2022-27628

PUBLISHED

More Info Official Page

Assigner-Patchstack

Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3

Published At-06 Feb, 2023 | 12:14

▼CVE Numbering Authority (CNA)

WordPress WZone – Lite Version Plugin <= 3.1 Lite is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in AA-Team WZone – Lite Version plugin 3.1 Lite versions.

Affected Products

Vendor

AA-Team

Product

WZone – Lite Version

Collection URL

https://wordpress.org/plugins

Package Name

woocommerce-amazon-affiliates-light-version

Default Status

unaffected

Versions

Affected

From n/a through 3.1 Lite (custom)

Problem Types

Type	CWE ID	Description
CWE	CWE-352	CWE-352 Cross-Site Request Forgery (CSRF)

Metrics

Version	Base score	Base severity	Vector
3.1	4.7	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Impacts

CAPEC ID	Description
CAPEC-62	CAPEC-62 Cross Site Request Forgery

Credits

finder

ptsfence (Patchstack Alliance)

References

Hyperlink	Resource
https://patchstack.com/database/vulnerability/woocommerce-amazon-affiliates-light-version/wordpress-wzone-lite-version-plugin-3-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve	vdb-entry

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References