CVE-2022-0914— WordPress Export All URLs plugin跨站请求伪造漏洞
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2022-0914の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
Export All URLs < 4.3 - Private/Draft Post/Page Title Disclosure via CSRF
ソース: NVD (National Vulnerability Database)
脆弱性説明
The Export All URLs WordPress plugin before 4.3 does not have CSRF in place when exporting data, which could allow attackers to make a logged in admin export all posts and pages (including private and draft) into an arbitrary CSV file, which the attacker can then download and retrieve the list of titles for example
ソース: NVD (National Vulnerability Database)
CVSS情報
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
跨站请求伪造(CSRF)
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
WordPress Export All URLs plugin跨站请求伪造漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
WordPress等都是WordPress(Wordpress)基金会的产品。WordPress是一套使用PHP语言开发的博客平台。WordPress plugin等都是(WordPress)开源的产品。WordPress plugin是一个应用插件。Atlas Gondal Export All URLs等都是(Atlas Gondal)个人开发者的产品。Export All URLs是一个 WordPress 插件。 WordPress Export All URLs plugin存在跨站请求伪造漏洞
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
| ベンダー | プロダクト | 影響を受けるバージョン | CPE | 購読 |
|---|---|---|---|---|
| Unknown | Export All URLs | 4.3 ~ 4.3 | - |
II. CVE-2022-0914の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2022-0914のインテリジェンス情報
请登录查看更多情报信息。
Same Patch Batch · Unknown · 2022-04-11 · 23 CVEs total
| CVE-2022-0828 | Download Manager < 3.2.39 - Unauthenticated brute force of files master key | |
| CVE-2021-24986 | Post Grid < 2.1.16 - Reflected Cross-Site Scripting via keyword | |
| CVE-2021-24987 | Super Socializer < 7.13.30 - Reflected Cross-Site Scripting | |
| CVE-2021-25090 | GridKit Portfolio < 2.1.0 - Subscriber+ Stored Cross-Site Scripting | |
| CVE-2022-0246 | iQ Block Country < 1.2.13 - Admin+ Arbitrary File Deletion via Zip Slip | |
| CVE-2022-0271 | LearnPress < 4.1.6 - Reflected Cross-Site Scripting | |
| CVE-2022-0314 | Nimble Page Builder < 3.2.2 - Reflected Cross-Site Scripting | |
| CVE-2022-0447 | Post Grid < 2.1.16 - Reflected Cross-Site Scripting via post_types | |
| CVE-2022-0471 | Favicon by RealFaviconGenerator < 1.3.23 - Reflected Cross-Site Scripting | |
| CVE-2022-0531 | WPvivid Backup and Migration Plugin < 0.9.70 - Reflected Cross-Site Scripting | |
| CVE-2022-0728 | Easy Smooth Scroll Links < 2.23.1 - Admin+ Stored Cross-Site Scripting | |
| CVE-2022-1023 | Podcast Importer SecondLine < 1.3.8 - Admin+ SQLi | |
| CVE-2022-0840 | Easy Social Icons < 3.2.1 - Admin+ Stored Cross-Site Scripting in add icon | |
| CVE-2022-0892 | Export All URLs < 4.2 - Reflected Cross-Site Scripting | |
| CVE-2022-0919 | Salon booking system < 7.6.3 - Unauthenticated Sensitive Data Disclosure | |
| CVE-2022-0920 | Salon booking system < 7.6.3 - Customer+ Bookings/Customers Data Disclosure | |
| CVE-2022-0949 | WP Block and Stop Bad Bots < 6.930 - Unauthenticated SQLi | |
| CVE-2022-0969 | Image optimization & Lazy Load < 3.3.2 - Admin+ Stored Cross-Site Scripting | |
| CVE-2022-0989 | NS WooCommerce Watermark <= 2.11.3 - Abuse of Functionality | |
| CVE-2022-1006 | Advanced Booking Calendar < 1.7.1 - Admin+ SQLi |
Showing 20 of 23 CVEs. View all on vendor page →
IV. 関連脆弱性
同じ製品: Export All URLs
- CVE-2026-2696
Export All URLs < 5.1 - Unauthenticated Sensitive Data Expos - CVE-2023-3118
Export All URLs < 4.6 - Reflected XSS - CVE-2022-27856
WordPress Export All URLs Plugin <= 4.1 is vulnerable to Cro - CVE-2022-2638
Export All URLs < 4.4 - Admin+ Arbitrary System File Removal - CVE-2022-0892
Export All URLs < 4.2 - Reflected Cross-Site Scripting
同じベンダー: Unknown
- CVE-2026-6433
Custom CSS JS PHP <= 2.0.7 - Unauthenticated SQL Injection t - CVE-2026-4935
SureTriggers < 1.1.23 – Unauthenticated SQLi - CVE-2026-5335
Magic Export & Import < 1.2.0 - Unauthenticated PII Disclosu - CVE-2026-5337
Frontend File Manager Plugin <= 23.6 - Subscriber+ Arbitrary - CVE-2026-5306
Check & Log Email < 2.0.13 - Unauthenticated Stored XSS
同じ弱点: CWE-352
- CVE-2021-47953
OpenCart 3.0.3.7 Cross-Site Request Forgery via account/pass - CVE-2021-47946
OpenCart 3.0.36 Account Takeover via Cross Site Request Forg - CVE-2022-50955
WordPress Plugin Curtain 1.0.2 Cross-site Request Forgery - CVE-2026-8194
osTicket Dispatcher class.dispatcher.php cross-site request - CVE-2026-42286
Emlog: Cross-Site Request Forgery in Admin Functions
V. CVE-2022-0914へのコメント
まだコメントはありません