CVE-2022-23975

Description

Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to activate any installed plugin.

CVSS breakdown

Affected products

• AccessPress Themes / Access Demo Importer (WordPress plugin)<= 1.0.7 – 1.0.7

References

• MISChttps://wordpress.org/plugins/access-demo-importer/#developers
• MISChttps://patchstack.com/database/vulnerability/access-demo-importer/wordpress-access-demo-importer-plugin-1-0-7-cross-site-request-forgery-csrf-vulnerability-leading-to-arbitrary-plugin-activation