Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 1:19 a.m.25 views

CVE-2022-3880

The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan WordPress plugin before 4.20 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins fro...

6.5CVSS6.7AI score0.0034EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2022/12/12 5:54 p.m.9 views

CVE-2022-3880 AntiHacker < 4.20 - Subscriber+ Arbitrary Plugin Installation

The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan WordPress plugin before 4.20 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins fro...

7AI score0.0034EPSS
Exploits2References1
CVE
CVE
added 2022/12/12 5:54 p.m.73 views

CVE-2022-3880

CVE-2022-3880 affects the WordPress Anti Hacker plugin prior to version 4.20. Root cause: lack of proper authorization and CSRF protection in an AJAX action (antihacker_install_plugin), enabling any authenticated user (e.g., a subscriber) to install and activate arbitrary plugins from wordpress.o...

6.5CVSS6.4AI score0.0034EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/12/12 5:54 p.m.40 views

CVE-2022-3880 AntiHacker < 4.20 - Subscriber+ Arbitrary Plugin Installation

The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan WordPress plugin before 4.20 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins fro...

6.6AI score0.0034EPSS
Exploits2References1
Rows per page
Query Builder