Skip to main content

Security CVE-2022-29489

MEDIUM
Cross-Site Request Forgery (CSRF) (CWE-352)
2022-09-16 audit@patchstack.com
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 16, 2022 - 22:15 nvd
MEDIUM 4.3

DescriptionNVD

Cross-Site Request Forgery (CSRF) vulnerability in Sucuri Security plugin <= 1.8.33 at WordPress leading to Event log entry creation.

AnalysisAI

Cross-Site Request Forgery (CSRF) vulnerability in Sucuri Security plugin <= 1.8.33 at WordPress leading to Event log entry creation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. Cross-Site Request Forgery (CSRF) vulnerability in Sucuri Security plugin <= 1.8.33 at WordPress leading to Event log entry creation. Affected products include: Sucuri Security.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.

CVE-2023-48795 MEDIUM POC
5.9 Dec 18

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remot

CVE-2024-0353 HIGH POC
7.8 Feb 15

Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete file

CVE-2018-12636 HIGH POC
7.2 Jun 22

The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admi

CVE-2024-1619 HIGH
8.8 Feb 29

Kaspersky has fixed a security issue in the Kaspersky Security 8.0 for Linux Mail Server. Rated high severity (CVSS 8.8)

CVE-2023-5594 HIGH
8.6 Dec 21

Improper validation of the server’s certificate chain in secure traffic scanning feature considered intermediate certifi

CVE-2023-3160 HIGH
7.8 Aug 14

The vulnerability potentially allows an attacker to misuse ESET’s file operations during the module update to delete or

CVE-2022-34893 HIGH
7.8 Sep 19

Trend Micro Security 2022 (consumer) has a link following vulnerability where an attacker with lower privileges could ma

CVE-2022-30703 HIGH
7.8 Jun 09

Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an exposed dangerous method vulnerability that could allo

CVE-2018-7433 HIGH
7.5 Mar 02

The iThemes Security plugin before 6.9.1 for WordPress does not properly perform data escaping for the logs page. Rated

CVE-2022-35234 HIGH
7.1 Jul 30

Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerabilit

CVE-2022-27167 HIGH
7.1 May 10

Privilege escalation vulnerability in Windows products of ESET, spol. Rated high severity (CVSS 7.1), this vulnerability

CVE-2018-6218 HIGH
7.0 Feb 16

A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary c

Share

CVE-2022-29489 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy