CVE-2022-3677

The Advanced Import WordPress plugin before 1.3.8 does not have CSRF check when installing and activating plugins, which could allow attackers to make a logged in admin install arbitrary plugins from WordPress.org, and activate arbitrary ones from the blog via CSRF attacks...

CVE-2022-3677

The Advanced Import WordPress plugin before 1.3.8 does not have CSRF check when installing and activating plugins, which could allow attackers to make a logged in admin install arbitrary plugins from WordPress.org, and activate arbitrary ones from the blog via CSRF attacks...

CVE-2022-3677

The CVE relates to the Advanced Import WordPress plugin prior to version 1.3.8, where a CSRF flaw allows an authenticated admin to install arbitrary plugins from WordPress.org and activate arbitrary plugins via CSRF attacks. Root cause: lack of CSRF checks during plugin installation/activation. I...

WordPress plugin Advanced Import 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

PT-2022-23613 · WordPress · Advanced Import

Name of the Vulnerable Software and Affected Versions: Advanced Import WordPress plugin versions prior to 1.3.8 Description: The issue concerns a lack of CSRF check in the Advanced Import WordPress plugin, allowing attackers to make a logged-in admin install arbitrary plugins from WordPress.org a...

WordPress Advanced Import plugin <= 1.0.7 - Unauthenticated Database Reset vulnerability leading to Privilege Escalation

Unauthenticated Database Reset vulnerability leading to Privilege Escalation discovered by NinTechNet in WordPress Advanced Import plugin versions = 1.0.7. Solution Update the WordPress Advanced Import plugin to the latest available version at least 1.0.8...