QwikSec

Security Database

CVE

CWE

Training

CVE-2022-1599

Published: Jul 11, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

The Admin Management Xtended WordPress plugin before 2.4.5 does not have CSRF checks in some of its AJAX actions, allowing attackers to make a logged users with the right capabilities to call them. This can lead to changes in post status (draft, published), slug, post date, comment status (enabled, disabled) and more.

Vendor	Product	Versions
Unknown	Admin Management Xtended	affected `2.4.5 - < 2.4.5`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/4a36e876-7e3b-4a81-9f16-9ff5fbb20dd6

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.