Vulnerability Description
The Webmaster Tools Verification WordPress plugin through 1.2 does not have authorisation and CSRF checks when disabling plugins, allowing unauthenticated users to disable arbitrary plugins
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Webmaster Tools Verification Project | Webmaster Tools Verification | <= 1.2 |
Related Weaknesses (CWE)
References
- https://wpscan.com/vulnerability/337ee7ed-9ade-4567-b976-88386cbcf036ExploitThird Party Advisory
- https://wpscan.com/vulnerability/337ee7ed-9ade-4567-b976-88386cbcf036ExploitThird Party Advisory
FAQ
What is CVE-2022-3538?
CVE-2022-3538 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The Webmaster Tools Verification WordPress plugin through 1.2 does not have authorisation and CSRF checks when disabling plugins, allowing unauthenticated users to disable arbitrary plugins
How severe is CVE-2022-3538?
CVE-2022-3538 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-3538?
Check the references section above for vendor advisories and patch information. Affected products include: Webmaster Tools Verification Project Webmaster Tools Verification.