CVE-2022-2245

CVE-2022-2245: Counter Box < 1.2.1 - Arbitrary Counter Activation/Deactivation via CSRF

Vendor Unknown

Product Counter Box – WordPress plugin for countdown, timer, counter

Weakness CWE-352 · CSRF

Published August 1, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Counter Box WordPress plugin before 1.2.1 is lacking CSRF check when activating and deactivating counters, which could allow attackers to make a logged in admin perform such actions via CSRF attacks

Key dates

02Disclosure timeline

August 1, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-2245 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

04Related CVE

CVE-2025-48265 WordPress Year Make Model Search for WooCommerce plugin <= 1.0.11 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability CVE-2018-25151 Ecessa WANWorx WVR-30 < 10.7.4 Cross-Site Request Forgery via User Configuration CVE-2023-37892 WordPress Shortcode IMDB Plugin <= 6.0.8 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2025-69021 WordPress Popup box plugin <= 6.0.7 - Cross Site Request Forgery (CSRF) vulnerability CVE-2023-26011 WordPress Read More Excerpt Link Plugin <= 1.6 is vulnerable to Cross Site Request Forgery (CSRF)