2 matches found
CVE-2022-3677 Advanced Import < 1.3.8 - Arbitrary Plugin Installation & Activation via CSRF
The Advanced Import WordPress plugin before 1.3.8 does not have CSRF check when installing and activating plugins, which could allow attackers to make a logged in admin install arbitrary plugins from WordPress.org, and activate arbitrary ones from the blog via CSRF attacks...
CVE-2022-3677
The CVE relates to the Advanced Import WordPress plugin prior to version 1.3.8, where a CSRF flaw allows an authenticated admin to install arbitrary plugins from WordPress.org and activate arbitrary plugins via CSRF attacks. Root cause: lack of CSRF checks during plugin installation/activation. I...