{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-3097","assignerOrgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","assignerShortName":"WPScan","dateUpdated":"2025-05-07T20:13:11.951Z","dateReserved":"2022-09-02T00:00:00.000Z","datePublished":"2022-10-25T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","shortName":"WPScan","dateUpdated":"2022-11-29T13:41:09.131Z"},"title":"LBStopAttack < 1.1.3 - Arbitrary Settings Update via CSRF","problemTypes":[{"descriptions":[{"description":"CWE-352 Cross-Site Request Forgery (CSRF)","lang":"en","type":"CWE"}]}],"affected":[{"vendor":"Unknown","product":"Plugin LBstopattack","collectionURL":"https://wordpress.org/plugins","versions":[{"status":"affected","versionType":"custom","version":"0","lessThan":"1.1.3"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"The Plugin LBstopattack WordPress plugin before 1.1.3 does not use nonces when saving its settings, making it possible for attackers to conduct CSRF attacks. This could allow attackers to disable the plugin's protections."}],"references":[{"url":"https://wpscan.com/vulnerability/9ebb8318-ebaf-4de7-b337-c91327685a43","tags":["exploit","vdb-entry","technical-description"]}],"credits":[{"lang":"en","value":"Daniel Ruf","type":"finder"}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"WPScan CVE Generator"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T01:00:10.709Z"},"title":"CVE Program Container","references":[{"url":"https://wpscan.com/vulnerability/9ebb8318-ebaf-4de7-b337-c91327685a43","tags":["exploit","vdb-entry","technical-description","x_transferred"]}]},{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":6.5,"attackVector":"NETWORK","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","integrityImpact":"HIGH","userInteraction":"REQUIRED","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"NONE","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-05-07T20:12:53.617775Z","id":"CVE-2022-3097","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-05-07T20:13:11.951Z"}}]}}