CVE-2022-47172

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jul 17, 2023

Updated: Jul 26, 2023

CWE ID 352

Summary

CVE-2022-47172 is a Cross-Site Request Forgery (CSRF) vulnerability affecting versions 2.6.2 and below of the HasThemes ShopLentor plugin. Attackers can exploit this issue by tricking users into visiting a maliciously crafted website, allowing the attacker to perform unauthorized actions on the user's behalf within the ShopLentor plugin. Successful exploitation could result in data modifications, including but not limited to order creation, modification or deletion. Users are strongly urged to update to the latest version of the plugin to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/r81nO0
https://www.cve.org/CVERecord?id=CVE-2022-47172
https://nvd.nist.gov/vuln/detail/CVE-2022-47172

Back to Vulnerability Database

CVE-2022-47172

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations