Headline
CVE-2022-44737: WordPress All In One WP Security plugin <= 5.1.0 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities - Patchstack
Multiple Cross-Site Request Forgery vulnerabilities in All-In-One Security (AIOS) – Security and Firewall (WordPress plugin) <= 5.1.0 on WordPress.
Verified
Fixed
CVSS 3.1 score
5.4 (Medium severity)
Report
Monitoring Not reported to be exploited
Vulnerable versions
<= 5.1.0
PSID
56c1bbdd9608
Classification
Cross Site Request Forgery (CSRF)
OWASP Top 10
A8: Cross Site Request Forgery (CSRF)
Publicly disclosed
2022-11-22
Details
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were discovered by Rafie Muhammad (Patchstack) in the WordPress All In One WP Security plugin (versions <= 5.1.0).
Solution
Update the WordPress All In One WP Security & Firewall plugin to the latest available version (at least 5.1.1).