CVE-2022-1572

Published: Jun 27, 2022Modified: Jun 17, 2026

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks in an AJAX action, available to any authenticated users such as subscriber, which could allow them to delete arbitrary file

Affected (1)

Products: Html2wp Project: Html2wp

Html2wp Project

1 product

Html2wp

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Html2wp Project Html2wp	Up to 1.0.0

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CWE-862

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://wpscan.com/vulnerability/9afd1805-d449-4551-986a-f92cb47c95c5

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/9afd1805-d449-4551-986a-f92cb47c95c5

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.