Exploitation Summary
EIP tracks 1 public exploit for CVE-2022-0134. PoCs published by tomorroisnew.
Description
The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make a logged-in admin perform such actions via a CSRF attack.
Exploits (1)
github
NO CODE
2 stars
by tomorroisnew · poc
https://github.com/tomorroisnew/CVE/tree/main/CVE-2022-0134
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/fa09ea9b-d5a0-4773-a692-9ff0200bcd85
Scores
CVSS v3: 8.8
EPSS: 0.0063
EPSS Percentile: 45.6%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE: CWE-352
Status: published
Products (1): bologer/anycomment < 0.2.18
Published: Feb 21, 2022
Tracked Since: Feb 18, 2026