6 matches found
CVE-2022-3883
The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 7.24 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress....
CVE-2022-3883
creationtimestamp| type| source ---|---|--- 2022-12-12 20:21:04+00:00| seen| https://t.me/cibsecurity/54341...
CVE-2022-3883
The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 7.24 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress....
CVE-2022-3883 StopBadBots < 7.24 - Subscriber+ Arbitrary Plugin Installation
The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 7.24 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress....
CVE-2022-3883 StopBadBots < 7.24 - Subscriber+ Arbitrary Plugin Installation
The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 7.24 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress....
CVE-2022-3883
CVE-2022-3883 describes a vulnerability in the WordPress StopBadBots/Block Bad Bots plugin prior to v7.24 where an AJAX action lacks proper authorization and CSRF checks. This allows any authenticated user (e.g., a subscriber) to trigger the action and install/activate arbitrary plugins from word...