CVE-2022-1611

HIGH

Bulk Page Creator < 1.1.4 - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Description

The Bulk Page Creator WordPress plugin before 1.1.4 does not protect its page creation functionalities with nonce checks, which makes them vulnerable to CSRF.

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/3843b867-7784-4976-b5ab-8a1e7d45618a

Scores

CVSS v3 8.8
EPSS 0.0061
EPSS Percentile 44.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (1)
bulk_page_creator_project/bulk_page_creator < 1.1.4
Published May 30, 2022
Tracked Since Feb 18, 2026