CVE-2022-46798: WordPress WooLentor Plugin <= 2.5.1 is vulnerable to Cross Site Request Forgery (CSRF)
First published: Wed Mar 01 2023(Updated: )
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLentor plugin <= 2.5.1 leading to plugin settings change.
Credit: audit@patchstack.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hasthemes Woolentor - Woocommerce Elementor Addons \+ Builder | <2.5.2 |
Remedy
Update to 2.5.2 or a higher version.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the CVE ID of this vulnerability?
The CVE ID of this vulnerability is CVE-2022-46798.
What is the title of this vulnerability?
The title of this vulnerability is 'Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLentor plugin <= 2.5.1 leading to plugin settings change.'
What is the affected software?
The affected software is HasThemes ShopLentor plugin <= 2.5.1.
What is the severity of CVE-2022-46798?
The severity of CVE-2022-46798 is medium with a CVSS score of 5.4.
How can I fix this vulnerability?
To fix this vulnerability, update the HasThemes ShopLentor plugin to version 2.5.2 or later.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/title
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/remedy
- agent/first-publish-date
- agent/event
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- vendor/hasthemes
- canonical/hasthemes woolentor - woocommerce elementor addons \+ builder