2 matches found
CVE-2022-3882 WP Memory < 2.46 - Subscriber+ Arbitrary Plugin Installation
The Memory Usage, Memory Limit, PHP and Server Memory Health Check and Fix Plugin WordPress plugin before 2.46 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.o...
CVE-2022-3882
CVE-2022-3882 concerns the WordPress WP Memory plugin prior to 2.46. The vulnerability is a lack of proper authorization and CSRF protection in an AJAX action, allowing any authenticated user (e.g., a subscriber) to call the action and install/activate arbitrary plugins from wordpress.org. Connec...