CVE-2022-23975: CSRF
First published: Mon Apr 18 2022(Updated: )
Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to activate any installed plugin.
Credit: audit@patchstack.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Accesspressthemes Access Demo Importer | <=1.0.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-23975?
CVE-2022-23975 is a Cross-Site Request Forgery (CSRF) vulnerability in Access Demo Importer <= 1.0.7 on WordPress, allowing an attacker to activate any installed plugin.
How does CVE-2022-23975 affect WordPress?
CVE-2022-23975 affects WordPress by allowing an attacker to activate any installed plugin through a Cross-Site Request Forgery (CSRF) attack in the Access Demo Importer plugin version <= 1.0.7.
What is the severity of CVE-2022-23975?
The severity of CVE-2022-23975 is medium with a CVSS score of 6.5.
How can I fix CVE-2022-23975?
To fix CVE-2022-23975, update the Access Demo Importer plugin to a version higher than 1.0.7 or remove the plugin if it is no longer needed.
Where can I find more information about CVE-2022-23975?
You can find more information about CVE-2022-23975 at the following references: [Link 1](https://patchstack.com/database/vulnerability/access-demo-importer/wordpress-access-demo-importer-plugin-1-0-7-cross-site-request-forgery-csrf-vulnerability-leading-to-arbitrary-plugin-activation), [Link 2](https://wordpress.org/plugins/access-demo-importer/#developers)
- collector/nvd-index
- vendor/accesspressthemes
- canonical/accesspressthemes access demo importer
- version/accesspressthemes access demo importer/1.0.7