CVE-2022-1967

Published: Jul 4, 2022Modified: Jun 17, 2026

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The WP Championship WordPress plugin before 9.3 is lacking CSRF checks in various places, allowing attackers to make a logged in admin perform unwanted actions, such as create and delete arbitrary teams as well as update the plugin's settings. Due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues

Affected (1)

Products: Wp Championship Project: Wp Championship

Wp Championship Project

1 product

Wp Championship

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Wp Championship Project Wp Championship	Before 9.3

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://wpscan.com/vulnerability/02d25736-c796-49bd-b774-66e0e3fcf4c9

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/02d25736-c796-49bd-b774-66e0e3fcf4c9

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.