To plugin page

Fixed

WordPress Access Demo Importer plugin <= 1.0.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Data Reset (Posts / Pages / Media)

8.1

CVSS 3.1 score High severity

Monitoring Coming soon

Find out about vulnerable plugins in your websites for free.

Scan your website

Software

Access Demo Importer

Type

Plugin

Vulnerable versions

<= 1.0.7

Fixed in

1.0.8

PSID

7a04b7265e5a

CVE ID

CVE-2022-23976

Classification

Cross Site Request Forgery (CSRF)

OWASP Top 10

A5: Broken Access Control

Required privilege

Credits

Ex.Mi (Patchstack)

Publicly disclosed

2022-01-24

Details

Cross-Site Request Forgery (CSRF) vulnerability leading to Data Reset (Posts / Pages / Media) discovered by Ex.Mi (Patchstack) in WordPress Access Demo Importer plugin (versions <= 1.0.7).

Solution

Update the WordPress Access Demo Importer plugin to the latest available version (at least 1.0.8).

References

CVE-2022-23976 Plugin page

WordPress Access Demo Importer plugin <= 1.0.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Data Reset (Posts / Pages / Media)

Details

Solution

References

Other known vulnerabilities for Access Demo Importer

Submit vulnerabilities and become a verified Alliance member

All solutions

WordPress security

Patchstack

Social

All solutions

WordPress Security

Patchstack

Social

© 2022 Patchstack

WordPress Access Demo Importer plugin <= 1.0.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Data Reset (Posts / Pages / Media)

Details

Solution

References

Other known vulnerabilities for Access Demo Importer

Submit vulnerabilities and become a verified Alliance member

All solutions

WordPress security

Patchstack

Social

All solutions

WordPress Security

Patchstack

Social

© 2022 Patchstack

Let us know if we have missed a vulnerability reported elsewhere

Thank you for contributing!