CVE-2022-0541

CVE-2022-0541: Flo Launch < 2.4.1 - Missing Authentication Allow Full Site Takeover

Vendor Unknown
Product flo-launch
Weakness CWE-284
Published April 25, 2022
Last update August 2, 2024

CVSS base score

What the vulnerability does

01Description

The flo-launch WordPress plugin before 2.4.1 injects code into wp-config.php when creating a cloned site, allowing any attacker to initiate a new site install by setting the flo_custom_table_prefix cookie to an arbitrary value.

Key dates

02Disclosure timeline

April 25, 2022 CVE published
August 2, 2024 Record updated