CVE-2022-2912

CVE-2022-2912: Craw Data <= 1.0.0 - Server Side Request Forgery

Vendor Unknown
Product Craw Data
Weakness CWE-918 · SSRF
Published September 16, 2022
Last update June 3, 2025

CVSS base score

What the vulnerability does

01Description

The Craw Data WordPress plugin through 1.0.0 does not implement nonce checks, which could allow attackers to make a logged in admin change the url value performing unwanted crawls on third-party sites (SSRF).

Key dates

02Disclosure timeline

September 16, 2022 CVE published
June 3, 2025 Record updated

Related vulnerabilities

04Related CVE