CVE-2022-3899

HIGH Year: 2022
CVSS v3 Score
8.1
High
Weakness Type
CWE-352
View all →

Vulnerability Description

The 3dprint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will delete any number of files or directories on the target server by tricking a logged in admin into submitting a form.

Related Vulnerabilities

CVE-2015-9455

HIGH
CVSS:8.1(High)

The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfb_photos[] parameter in a bpfb_remove_temp_images action.

CWE-3522015

CVE-2017-1000504

HIGH
CVSS:8.1(High)

A race condition during Jenkins 2.94 and earlier; 2.89.1 and earlier startup could result in the wrong order of execution of commands during initialization. There is a very short window of time after ...

CWE-3522017

CVE-2017-8099

HIGH
CVSS:8.1(High)

There is CSRF in the WHIZZ plugin before 1.1.1 for WordPress, allowing attackers to delete any WordPress users and change the plugin's status via a GET request.

CWE-3522017

CVE-2017-9963

HIGH
CVSS:8.1(High)

A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 ...

CWE-3522017

CVE-2018-1000414

HIGH
CVSS:8.1(High)

A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in ConfigFilesManagement.java, FolderConfigFileAction.java that allows creating and editing con...

CWE-3522018

CVE-2018-1000417

HIGH
CVSS:8.1(High)

A cross-site request forgery vulnerability exists in Jenkins Email Extension Template Plugin 1.0 and earlier in ExtEmailTemplateManagement.java that allows creating or removing templates.

CWE-3522018