CVE-2022-3880
CVE-2022-3880 affects the WordPress Anti Hacker plugin prior to version 4.20. Root cause: lack of proper authorization and CSRF protection in an AJAX action (antihacker_install_plugin), enabling any authenticated user (e.g., a subscriber) to install and activate arbitrary plugins from wordpress.o...