CVE-2022-2387

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

T

he Easy Digital Downloads WordPress plugin before 3.0 does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged in admin delete arbitrary post via a CSRF attack

References

Link	Resource
https://wpscan.com/vulnerability/db3c3c78-1724-4791-9ab6-ebb2e8a4c8b8	Exploit Third Party Advisory
https://wpscan.com/vulnerability/db3c3c78-1724-4791-9ab6-ebb2e8a4c8b8	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:awesomemotive:easy_digital_downloads:*:*:*:*:*:wordpress:*:*

History

07 Feb 2025, 19:44

Type	Values Removed	Values Added
First Time		Awesomemotive easy Digital Downloads Awesomemotive
CPE	cpe:2.3:a:sandhillsdev:easy_digital_downloads::::::wordpress::*	cpe:2.3:a:awesomemotive:easy_digital_downloads::::::wordpress::*

21 Nov 2024, 07:00

Type	Values Removed	Values Added
References	~~() https://wpscan.com/vulnerability/db3c3c78-1724-4791-9ab6-ebb2e8a4c8b8 - Exploit, Third Party Advisory~~	() https://wpscan.com/vulnerability/db3c3c78-1724-4791-9ab6-ebb2e8a4c8b8 - Exploit, Third Party Advisory

Information

Published : 2022-11-07 10:15

Updated : 2025-05-05 21:15

NVD link : CVE-2022-2387

Mitre link : CVE-2022-2387

CVE.ORG link : CVE-2022-2387

JSON object : View

Products Affected

awesomemotive

easy_digital_downloads

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2022-2387", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2022-11-07T10:15:11.413", "references": [{"url": "https://wpscan.com/vulnerability/db3c3c78-1724-4791-9ab6-ebb2e8a4c8b8", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://wpscan.com/vulnerability/db3c3c78-1724-4791-9ab6-ebb2e8a4c8b8", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "The Easy Digital Downloads WordPress plugin before 3.0 does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged in admin delete arbitrary post via a CSRF attack"}, {"lang": "es", "value": "El complemento de WordPress Easy Digital Downloads anterior a 3.0 no cuenta con verificaci\u00f3n CSRF al eliminar el historial de pagos y no garantiza que la publicaci\u00f3n que se eliminar\u00e1 sea en realidad un historial de pagos. Como resultado, los atacantes podr\u00edan hacer que un administrador que haya iniciado sesi\u00f3n elimine una publicaci\u00f3n arbitraria mediante un ataque CSRF."}], "lastModified": "2025-05-05T21:15:45.570", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:awesomemotive:easy_digital_downloads:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "99F997B0-A64D-4F62-8859-406672E9E4ED", "versionEndExcluding": "3.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}