wpvulndb | Johannes Gangsö | WPVDB-ID:07757D1E-39AD-4199-BC7A-ECB821DFC996
Aug 01, 2022 - 12:00 a.m.

WP Edit Menu <= 1.5.0 - Arbitrary Post Deletion via CSRF

2022-08-01 00:00:00
Johannes Gangsö
wpscan.com
Tags: plugin, csrf, ajax action, attackers, admin, posts/pages, blog, poc, software

EPSS: 0.001
Percentile: 25.9%

The plugin does not have a CSRF check in an AJAX action, which could allow attackers to make a logged-in admin delete arbitrary posts/pages from the blog via a CSRF attack.

PoC
