CVE-2022-36404

Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO (WordPress plugin) plugin <= 1.8.12 versions.
Configurations

Configuration 1 (hide)

cpe:2.3:a:coleds:simple_seo:*:*:*:*:*:wordpress:*:*

History

26 Jul 2023, 09:15

Type Values Removed Values Added
References
  • {'url': 'https://wordpress.org/plugins/cds-simple-seo/#developers', 'name': 'https://wordpress.org/plugins/cds-simple-seo/#developers', 'tags': ['Product', 'Release Notes', 'Third Party Advisory'], 'refsource': 'CONFIRM'}
CWE CWE-862
Summary Auth. (subscriber+) Broken Access Control vulnerability in David Cole Simple SEO plugin <= 1.8.12 on WordPress allows attackers to create or delete sitemap. Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO (WordPress plugin) plugin <= 1.8.12 versions.

21 Jul 2023, 20:21

Type Values Removed Values Added
CWE CWE-863 CWE-352

Information

Published : 2022-11-03 20:15

Updated : 2024-02-28 19:29


NVD link : CVE-2022-36404

Mitre link : CVE-2022-36404

CVE.ORG link : CVE-2022-36404


JSON object : View

Products Affected

coleds

  • simple_seo
CWE
CWE-352

Cross-Site Request Forgery (CSRF)

CWE-862

Missing Authorization