CVE CyberSecurity Database News - Latest cybersecurity news and CVE details

Sign in Subscribe

SearchWP

CVE-2022-40223 - How a Nonce Token Leak and Missing Authorization in SearchWP Premium <= 4.2.5 Let Attackers Change WordPress Plugin Settings

Nov 8, 2022 CSRF WordPress SearchWP, LLC SearchWP

CVE-2022-40223 - How a Nonce Token Leak and Missing Authorization in SearchWP Premium <= 4.2.5 Let Attackers Change WordPress Plugin Settings

WordPress powers over 40% of the web, but its popularity also makes it a huge target. Today we’ll break down a real vulnerability—CVE-2022-40223—