CVE-2022-23976

8.1 HIGH

📋 TL;DR

The reset action of the Access Demo Importer WordPress plugin is missing a CSRF check (a WordPress nonce), so any web page that a logged-in administrator visits can submit the reset request, and the browser attaches the administrator's session cookie to it. When exploited, it resets the site's content, including posts, pages, and media. WordPress sites running Access Demo Importer version 1.0.7 or earlier are affected.

💻 Affected Systems

Products:
  • WordPress Access Demo Importer plugin
Versions: <= 1.0.7
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires attacker to trick authenticated administrator into visiting malicious page while logged into WordPress admin.

📦 What is this software?

Access Demo Importer is a WordPress plugin that imports a theme's demo content (posts, pages, media and related settings) into a site so it matches the theme's demo. It also provides a reset function that wipes the site's existing content; that reset is the action this CVE concerns.
⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete website data loss including all posts, pages, and media files, requiring full restoration from backups and causing extended downtime.

🟠 Likely Case

Partial or complete content reset leading to website disruption, content loss, and recovery effort.

🟢 If Mitigated

No impact once the plugin is updated to 1.0.8 or later, or is deactivated, or the reset request is rejected unless it carries a valid nonce or a same-site Origin/Referer.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY (a CSRF lure is a hidden, auto-submitting HTML form, so turning a PoC into one takes minutes)
Unauthenticated Exploit: ✅ No (see note below)
Complexity: LOW

The attacker needs no account on the site and never authenticates: the forged request rides on the session cookie of an administrator who is logged in and is lured to a page the attacker controls (a link in a phishing mail, for example). No authentication bypass is involved; the 'No' above refers to the victim's session being required, not to the attacker holding credentials.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.0.8 or later

Vendor changelog (plugin 'Development' tab): https://wordpress.org/plugins/access-demo-importer/#developers

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Access Demo Importer' and click 'Update Now'.
4. Verify the version shown is 1.0.8 or higher.

🔧 Temporary Workarounds

Disable Access Demo Importer plugin

Platform: all

Deactivate the plugin until it is updated. A deactivated plugin's admin page and request handlers are never loaded, so a forged request has nothing to reach. If the theme demo has already been imported, the plugin is usually no longer needed and can be deleted outright.

wp plugin deactivate access-demo-importer

Add nonce verification to the reset handler

Platform: all

Only for those who maintain the plugin or a fork of it: emit a nonce in the reset form with wp_nonce_field() and have the handler reject the request unless wp_verify_nonce() (or check_admin_referer()) succeeds and current_user_can() confirms the capability. Edits to files under wp-content/plugins are overwritten by the next plugin update, so this is not a practical fix for a site operator.
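The before/after below is an added illustration of the class of bug this CVE describes and of the nonce fix just outlined. It is not the plugin's actual code and not the vendor's 1.0.8 diff; the function names (adi_*), the form field names and the action name are hypothetical. It assumes the reset is a POST handled on the plugin's admin page during admin_init.

```php
<?php
// Added illustration, not Access Demo Importer's real code. All adi_* names,
// the 'adi_reset' field and the 'adi_reset_action' nonce action are hypothetical.

// BEFORE (the vulnerable pattern): every POST that reaches this handler while an
// administrator is logged in is honoured. A form on any other site can submit
// the same field, and the browser attaches the admin's session cookie to it.
function adi_reset_handler_vulnerable() {
    if ( isset( $_POST['adi_reset'] ) ) {
        adi_delete_all_content(); // wipes posts, pages and media
    }
}

// AFTER (hardened): the form carries a nonce bound to the logged-in user and to
// the action name; the handler refuses the request unless the nonce verifies
// and the caller holds the required capability.
function adi_render_reset_form() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin.php?page=access-demo-importer' ) ) . '">';
    // Emits the hidden nonce field plus a _wp_http_referer field.
    wp_nonce_field( 'adi_reset_action', 'adi_reset_nonce' );
    echo '<input type="hidden" name="adi_reset" value="1">';
    submit_button( 'Reset site content' );
    echo '</form>';
}

function adi_reset_handler_fixed() {
    if ( ! isset( $_POST['adi_reset'] ) ) {
        return;
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', 'Forbidden', array( 'response' => 403 ) );
    }
    // check_admin_referer() runs wp_verify_nonce() on the named field and stops
    // with a "link has expired" page when it fails. Nonces are per user, per
    // action and time-limited, so a third-party page cannot produce one.
    check_admin_referer( 'adi_reset_action', 'adi_reset_nonce' );
    adi_delete_all_content();
}

// Hypothetical destructive routine standing in for the plugin's reset.
function adi_delete_all_content() {
    $items = get_posts( array(
        'post_type'   => array( 'post', 'page', 'attachment' ),
        'post_status' => 'any',
        'numberposts' => -1,
        'fields'      => 'ids',
    ) );
    foreach ( $items as $id ) {
        wp_delete_post( $id, true ); // attachments are routed to wp_delete_attachment()
    }
}

add_action( 'admin_init', 'adi_reset_handler_fixed' );
```

The capability check matters on its own: a nonce proves the request came from a form WordPress rendered for this user, not that the user is allowed to perform the action.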

🧯 If You Can't Patch

  • Take and test a fresh full backup (database plus wp-content/uploads) now; the impact here is data loss, and a restore is the only recovery.
  • Restrict wp-admin to trusted networks (web-server allow-list or VPN). Know the limit: a CSRF request is sent by the administrator's own browser, so the allow-list helps only while administrators do not browse untrusted sites from the permitted network with an active WordPress session.
  • Put a WAF rule in front of POST /wp-admin/admin.php?page=access-demo-importer that rejects requests whose Origin (or, failing that, Referer) header is absent or names a host other than this site. This approximates what the plugin's missing nonce check would otherwise enforce.
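Where no WAF is available, the same Origin/Referer rule can be enforced inside WordPress as a must-use plugin, which loads before normal plugins and survives plugin updates. The file below is an added example, not part of the advisory or of the plugin. It assumes the reset is a POST to wp-admin/admin.php?page=access-demo-importer, as the detection section of this page states; confirm that with browser developer tools on your install before relying on it, and adjust the slug if it differs.

```php
<?php
/**
 * Plugin Name: Block cross-site POSTs to Access Demo Importer (added mitigation)
 * Description: Drop this file into wp-content/mu-plugins/ on a site that cannot
 *              yet update to 1.0.8. Added example; not the advisory's or the plugin's code.
 *
 * The plugin's own reset form carries no nonce, so we cannot demand one without
 * also breaking legitimate use. Instead we require the browser-supplied Origin
 * header (or Referer when Origin is absent) to match this site's admin host.
 * A forged submission from another site carries that site's origin (or
 * "null" when the lure page suppresses referrers), and page scripts cannot
 * rewrite these headers. Page slug and hook are assumptions noted above.
 */
add_action( 'admin_init', function () {
    if ( 'POST' !== ( $_SERVER['REQUEST_METHOD'] ?? '' ) ) {
        return;
    }
    if ( 'access-demo-importer' !== ( $_GET['page'] ?? '' ) ) {
        return;
    }

    // Compare against the admin host rather than the front-end host so
    // installs where site_url and home_url differ are handled.
    $expected = wp_parse_url( admin_url(), PHP_URL_HOST );
    $source   = $_SERVER['HTTP_ORIGIN'] ?? $_SERVER['HTTP_REFERER'] ?? '';
    $host     = '' !== $source ? (string) wp_parse_url( $source, PHP_URL_HOST ) : '';

    // Fail closed: no header, an unparsable value ("null"), or a foreign host
    // all block the request.
    if ( '' === $host || 0 !== strcasecmp( $host, (string) $expected ) ) {
        error_log( sprintf(
            'adi-csrf-guard: blocked POST to access-demo-importer, origin="%s" user=%d ip=%s',
            $source,
            get_current_user_id(),
            $_SERVER['REMOTE_ADDR'] ?? ''
        ) );
        wp_die( 'Cross-site request to Access Demo Importer blocked.', 'Forbidden', array( 'response' => 403 ) );
    }
} );
```

The guard blocks a legitimate administrator only if their browser or proxy strips both Origin and Referer, which is rare for same-site form posts. If the reset turns out to be sent through admin-ajax.php or the REST API rather than the admin page, this hook's `page` check will not see it; match on the actual action parameter instead.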

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Installed Plugins for Access Demo Importer version <= 1.0.7

Check Version:

wp plugin get access-demo-importer --field=version

Verify Fix Applied:

Confirm Access Demo Importer version is 1.0.8 or higher in WordPress admin

📡 Detection & Monitoring

Log Indicators:

  • POST requests to /wp-admin/admin.php?page=access-demo-importer carrying the reset parameters, especially where the Referer (or Origin) header is empty or names a host other than this site. Confirm the exact page slug and parameter names against your installed copy before building alerts.
  • A forged request is sent by the administrator's own browser, so it arrives from the admin's usual IP address with the admin's valid session cookie; IP-based anomaly rules will not catch it. Pair the request match with the header check above.
  • After the fact: an abrupt drop in post, page and attachment counts, or a burst of delete events in an audit-log plugin, attributed to an administrator account.

Network Indicators:

  • Cross-site form submissions to admin endpoints: a POST into wp-admin whose Origin/Referer is a third-party host or absent
  • An administrator's browser fetching the lure page (outbound proxy logs) shortly before the reset POST

SIEM Query:

The field names below follow the usual web-access-log extractions (method, uri_path, uri_query, status, referer); map them to your SIEM's names and insert your own host. The Referer condition is what separates a forged request from a legitimate one, since both come from the admin's own session and IP:

method=POST uri_path="/wp-admin/admin.php" uri_query="*page=access-demo-importer*" status IN (200, 302) AND (referer="-" OR NOT referer="https://<your-site-host>/*")
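The same logic as a stand-alone script, for sites that only have raw access logs: an added example, not from the advisory, that reads lines in the Apache/nginx "combined" format and flags POSTs to the plugin's admin page whose Referer is missing or foreign. The log lines are constructed for the demonstration (the second and third are built to trip the check), and the site host and page slug are assumptions to adapt.

```php
<?php
// Added example (not from the advisory). Scans combined-format access-log lines
// for POSTs to the Access Demo Importer admin page whose Referer is absent or
// belongs to another host. Site host and page slug below are assumptions.

const ADI_SITE_HOST = 'blog.example.org';
const ADI_PAGE_SLUG = 'access-demo-importer';

// Combined format: ip ident user [time] "method target proto" status bytes "referer" "agent"
const ADI_LOG_RE = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "[^"]*"$/';

/**
 * Return one finding (ip, time, status, referer) per suspicious line.
 */
function adi_flag_csrf_candidates(array $lines, string $site_host): array {
    $findings = [];
    foreach ($lines as $line) {
        if (!preg_match(ADI_LOG_RE, $line, $m)) {
            continue; // not a combined-format line
        }
        [, $ip, $time, $method, $target, $status, $referer] = $m;
        if ($method !== 'POST') {
            continue;
        }
        $url   = parse_url($target);
        $query = [];
        parse_str($url['query'] ?? '', $query);
        if (($url['path'] ?? '') !== '/wp-admin/admin.php' || ($query['page'] ?? '') !== ADI_PAGE_SLUG) {
            continue;
        }
        // A same-site submission carries a Referer on this host. "-" (none) or a
        // foreign host is consistent with a cross-site form. The IP and session
        // are the admin's own either way, so they carry no signal here.
        $ref_host = ($referer === '-' || $referer === '') ? '' : (string) parse_url($referer, PHP_URL_HOST);
        if (strcasecmp($ref_host, $site_host) !== 0) {
            $findings[] = compact('ip', 'time', 'status', 'referer');
        }
    }
    return $findings;
}

// Constructed sample: a legitimate reset, a forged one from evil.example, one
// with the Referer suppressed (lure page using Referrer-Policy: no-referrer),
// and an unrelated GET that must not be flagged.
$sample = [
    '203.0.113.5 - - [12/Feb/2022:10:01:07 +0000] "POST /wp-admin/admin.php?page=access-demo-importer HTTP/1.1" 302 0 "https://blog.example.org/wp-admin/admin.php?page=access-demo-importer" "Mozilla/5.0"',
    '203.0.113.5 - - [12/Feb/2022:10:14:22 +0000] "POST /wp-admin/admin.php?page=access-demo-importer HTTP/1.1" 302 0 "https://evil.example/free-themes.html" "Mozilla/5.0"',
    '203.0.113.5 - - [12/Feb/2022:10:15:01 +0000] "POST /wp-admin/admin.php?page=access-demo-importer HTTP/1.1" 200 4821 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Feb/2022:10:16:40 +0000] "GET /wp-admin/admin.php?page=access-demo-importer HTTP/1.1" 200 9120 "https://blog.example.org/wp-admin/plugins.php" "Mozilla/5.0"',
];

foreach (adi_flag_csrf_candidates($sample, ADI_SITE_HOST) as $f) {
    printf("SUSPECT %s ip=%s status=%s referer=%s\n", $f['time'], $f['ip'], $f['status'], $f['referer']);
}
```

Run it with `php adi_csrf_scan.php`, or replace `$sample` with `file('/var/log/apache2/access.log', FILE_IGNORE_NEW_LINES)` to scan a real log. If your log format records the Origin header, prefer it over Referer: browsers send Origin on cross-site POSTs even when the lure page suppresses referrers.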
