CVE-2022-0134
HIGH
AnyComment WordPress <0.2.18 - CSRF
Title source: llm
Description
The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make a logged-in admin perform such actions via a CSRF attack.
Exploits (1)
github
NO CODE
2 stars
by tomorroisnew · poc
https://github.com/tomorroisnew/CVE/tree/main/CVE-2022-0134
Scores
CVSS v3
8.8
EPSS
0.0038
EPSS Percentile
59.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-352
Status
published
Products (1)
bologer/anycomment
< 0.2.18
Published
Feb 21, 2022
Tracked Since
Feb 18, 2026