daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Description and classification CVE id fix in CVE-2022-1020.yaml

patch-1
forgedhallpass 2022-04-22 19:21:09 +03:00
parent 9e3dcb86e6
commit 99f8b1e4ae
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
cves/2022/CVE-2022-1020.yaml
View File

@ -4,10 +4,12 @@ info:
name: Woo Product Table < 3.1.2 - Unauthenticated Arbitrary Function Call
author: Akincibor
severity: high
description: The plugin does not have authorisation and CSRF checks in the wpt_admin_update_notice_option AJAX action (available to both unauthenticated and authenticated users), as well as does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary functions with either none or one user controlled argument.
description: The Product Table for WooCommerce (wooproducttable) WordPress plugin before 3.1.2 does not have authorisation and CSRF checks in the wpt_admin_update_notice_option AJAX action (available to both unauthenticated and authenticated users), as well as does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary functions with either none or one user controlled argument
reference:
- https://wpscan.com/vulnerability/04fe89b3-8ad1-482f-a96d-759d1d3a0dd5
- https://nvd.nist.gov/vuln/detail/CVE-2022-1020
classification:
cve-id: CVE-2022-1020
tags: wp,wp-plugin,wordpress,cve,cve2022,unauth
requests: