Summaryinfo

A vulnerability was found in Event Monster Plugin up to 1.1.x on WordPress and classified as problematic. This issue affects some unknown processing. Such manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2022-3336. The attack may be launched remotely. There is no exploit available. It is suggested to upgrade the affected component.

Detailsinfo

A vulnerability was found in Event Monster Plugin up to 1.1.x on WordPress (WordPress Plugin). It has been rated as problematic. Affected by this issue is an unknown code. The manipulation with an unknown input leads to a cross-site request forgery vulnerability. Using CWE to declare the problem leads to CWE-352. The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. Impacted is integrity. CVE summarizes:

The Event Monster WordPress plugin before 1.2.0 does not have CSRF check when deleting visitors, which could allow attackers to make logged in admin delete arbitrary visitors via a CSRF attack

The weakness was shared 11/21/2022. The advisory is shared for download at wpscan.com. This vulnerability is handled as CVE-2022-3336 since 09/27/2022. Successful exploitation requires user interaction by the victim. There are neither technical details nor an exploit publicly available.

Upgrading to version 1.2.0 eliminates this vulnerability.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Type

• WordPress Plugin

Name

• Event Monster Plugin

Version

• 1.0
• 1.1

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion