First published: Mon Apr 18 2022
Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to activate any installed plugin.
Credit: audit@patchstack.com
Affected Software | Affected Version | How to fix |
---|---|---|
Accesspressthemes Access Demo Importer | <=1.0.7 | |
CVE-2022-23975 is a Cross-Site Request Forgery (CSRF) vulnerability in the Access Demo Importer plugin for WordPress, versions <= 1.0.7, that allows an attacker to activate any installed plugin.
The severity of CVE-2022-23975 is medium with a CVSS score of 6.5.
To fix CVE-2022-23975, update the Access Demo Importer plugin to a version higher than 1.0.7 or remove the plugin if it is no longer needed.
You can find more information about CVE-2022-23975 at the following references: [Patchstack advisory](https://patchstack.com/database/vulnerability/access-demo-importer/wordpress-access-demo-importer-plugin-1-0-7-cross-site-request-forgery-csrf-vulnerability-leading-to-arbitrary-plugin-activation), [WordPress.org plugin page](https://wordpress.org/plugins/access-demo-importer/#developers)