Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 10:44 a.m.25 views

CVE-2022-0363

The myCred WordPress plugin before 2.4.3.1 does not have any authorisation and CSRF checks in the mycred-tools-import-export AJAX action, allowing any authenticated users, such as subscribers, to call it and import mycred setup, thus creating badges, managing points or creating arbitrary posts...

4.3CVSS6.8AI score0.00333EPSS
Exploits1References1
OSV
OSV
added 2022/04/25 4:16 p.m.3 views

CVE-2022-0363

The myCred WordPress plugin before 2.4.3.1 does not have any authorisation and CSRF checks in the mycred-tools-import-export AJAX action, allowing any authenticated users, such as subscribers, to call it and import mycred setup, thus creating badges, managing points or creating arbitrary posts...

4.3CVSS5.9AI score0.00333EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/04/25 4:16 p.m.6 views

CVE-2022-0363

The myCred WordPress plugin before 2.4.3.1 does not have any authorisation and CSRF checks in the mycred-tools-import-export AJAX action, allowing any authenticated users, such as subscribers, to call it and import mycred setup, thus creating badges, managing points or creating arbitrary posts...

4.3CVSS5.6AI score0.00333EPSS
Exploits1References2
CVE
CVE
added 2022/04/25 3:50 p.m.82 views

CVE-2022-0363

The CVE describes a vulnerability in the WordPress myCred plugin prior to 2.4.3.1 where the mycred-tools-import-export AJAX action lacks authorization and CSRF checks. This allows any authenticated user (e.g., subscribers) to invoke the action and import myCred settings, potentially creating badg...

4.3CVSS4.6AI score0.00333EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder