CVE-2022-3538

MEDIUM

Webmaster Tools Verification <1.2 - CSRF

Title source: llm
STIX 2.1

Description

The Webmaster Tools Verification WordPress plugin through 1.2 does not have authorisation and CSRF checks when disabling plugins, allowing unauthenticated users to disable arbitrary plugins

References (1)

Core 1
Core References

Scores

CVSS v3 6.5
EPSS 0.0035
EPSS Percentile 26.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-352 CWE-862
Status published
Products (1)
webmaster_tools_verification_project/webmaster_tools_verification < 1.2
Published Nov 14, 2022
Tracked Since Feb 18, 2026