CVE-2022-3850
Published: 28 November 2022
Summary
CVE-2022-3850 is a medium-severity vulnerability, with an unspecified weakness type, in the Find And Replace All plugin from Find And Replace All Project. Its CVSS base score is 4.3 (Medium).
Operationally, it ranks at the 35.2nd percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-43190
Vulnerability details
The Find and Replace All WordPress plugin before 1.3 does not have a CSRF check when replacing strings, which could allow attackers to make a logged-in admin replace arbitrary strings in database tables via a CSRF attack.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.