Lucene search
WPScanCVELIST:CVE-2022-1599HistoryJul 11, 2022 - 12:56 p.m.
CVE-2022-1599 Admin Management Xtended < 2.4.5 - Post Visibility/Date/Comment Status Update via CSRF
2022-07-1112:56:01
CWE-352
WPScan
www.cve.org
2
wordpress
csrf
vulnerability
admin management xtended
ajax actions
EPSS
0.001
Percentile
26.3%
The Admin Management Xtended WordPress plugin before 2.4.5 does not have CSRF checks in some of its AJAX actions, allowing attackers to make a logged users with the right capabilities to call them. This can lead to changes in post status (draft, published), slug, post date, comment status (enabled, disabled) and more.
CNA Affected
[
{
"product": "Admin Management Xtended",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.4.5",
"status": "affected",
"version": "2.4.5",
"versionType": "custom"
}
]
}
]Related
patchstack
patchstack
cnvd
cnvd
WordPress Admin Management Xtended pluginθ·¨η«θ―·ζ±δΌͺι ζΌζ΄
2022-07-13 00:00:00
osv
osv
CVE-2022-1599
2022-07-11 13:15:08
cve
cve
CVE-2022-1599
2022-07-11 13:15:08
wpvulndb
wpvulndb
nvd
nvd
CVE-2022-1599
2022-07-11 13:15:08
prion
prion
Cross site request forgery (csrf)
2022-07-11 13:15:00
wpexploit
wpexploit