CVE-2022-3427

The Corner Ad plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.56. This is due to missing or incorrect nonce validation on its corner_ad_settings_page function. This makes it possible for unauthenticated attackers to trigger the deletion of ads via forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://plugins.trac.wordpress.org/browser/corner-ad/trunk/corner-ad.php?rev=2782613#L240	Exploit Third Party Advisory
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2765630%40corner-ad%2Ftrunk&old=2719671%40corner-ad%2Ftrunk&sfp_email=&sfph_mail=	Patch Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/0a6c5e9a-754f-41c8-b27b-caa133b5070f	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:dwbooster:corner_ad:*:*:*:*:*:wordpress:*:*

History

07 Nov 2023, 03:51

Type	Values Removed	Values Added
CWE	~~CWE-352~~

Information

Published : 2022-12-15 19:15

Updated : 2024-02-28 19:51

NVD link : CVE-2022-3427

Mitre link : CVE-2022-3427

CVE.ORG link : CVE-2022-3427

JSON object : View

Products Affected

dwbooster

corner_ad

CWE

No CWE.

{"id": "CVE-2022-3427", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2022-12-15T19:15:21.947", "references": [{"url": "https://plugins.trac.wordpress.org/browser/corner-ad/trunk/corner-ad.php?rev=2782613#L240", "tags": ["Exploit", "Third Party Advisory"], "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2765630%40corner-ad%2Ftrunk&old=2719671%40corner-ad%2Ftrunk&sfp_email=&sfph_mail=", "tags": ["Patch", "Third Party Advisory"], "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0a6c5e9a-754f-41c8-b27b-caa133b5070f", "tags": ["Third Party Advisory"], "source": "security@wordfence.com"}], "vulnStatus": "Modified", "descriptions": [{"lang": "en", "value": "The Corner Ad plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.56. This is due to missing or incorrect nonce validation on its corner_ad_settings_page function. This makes it possible for unauthenticated attackers to trigger the deletion of ads via forged request granted they can trick a site administrator into performing an action such as clicking on a link."}, {"lang": "es", "value": "Corner Ad plugin for WordPress es vulnerable a la Cross-Site Request Forgery (CSRF) en versiones hasta la 1.0.56 inclusive. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en su funci\u00f3n corner_ad_settings_page. Esto hace posible que atacantes no autenticados activen la eliminaci\u00f3n de anuncios mediante una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."}], "lastModified": "2023-11-07T03:51:14.290", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dwbooster:corner_ad:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "4A05C09D-9B12-461C-B532-39D1A214AB8C", "versionEndIncluding": "1.0.56"}], "operator": "OR"}]}], "sourceIdentifier": "security@wordfence.com"}