Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 04/07/2022 Updated: 12/07/2022

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

The WP Championship WordPress plugin prior to 9.3 is lacking CSRF checks in various places, allowing malicious users to make a logged in admin perform unwanted actions, such as create and delete arbitrary teams as well as update the plugin's settings. Due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues

Vulnerable Product	Search on Vulmon	Subscribe to Product
wp-championship project wp-championship

CWE-352 https://wpscan.com/vulnerability/02d25736-c796-49bd-b774-66e0e3fcf4c9 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-1967

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect