CVE-2022-1758: Other vulnerability on Genki Pre Publish Reminder Project Genki Pre Publish Reminder

Vulnerability Details : CVE-2022-1758

CVE Name: CVE-2022-1758: Other vulnerability on Genki Pre Publish Reminder Project Genki Pre Publish Reminder

Description: The Genki Pre-Publish Reminder WordPress plugin through 1.4.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS as well as RCE when custom code is added via the plugin settings.

Publish date: 2022-06-13T13:15Z

Last Update: 2022-06-22T19:45Z

CVSS Scores & Vulnerability Types

CVSS Score	8.8
Confidentiality Impact	HIGH
Integrity Impact	HIGH
Availability Impact	HIGH
Actack Vector	NETWORK
Actack Complexity	LOW
Privileges Required	NONE
User Interaction	REQUIRED
Scope	UNCHANGED
Vulnerability Type(s)	Other
CWE ID	352

Products Affected By CVE-2022-1758

#	Vendor	Product	Vulnerable Versions
1	Genki Pre Publish Reminder Project	Genki Pre Publish Reminder	1

Detail of Verions Affected

#	Product Type	Vendor	Product	Version
1	Application	Genki Pre Publish Reminder Project	Genki Pre Publish Reminder	* Wordpress

References For CVE-2022-1758

Hyperlink	Resource
https://wpscan.com/vulnerability/211816ce-d2bc-469b-9a8e-e0c2a5c4461b	Exploit, Third Party Advisory