CVE-2022-29450: WordPress Admin Management Xtended plugin <= 2.4.4 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities - Patchstack
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in the Admin Management Xtended plugin <= 2.4.4 for WordPress.
Fixed
CVSS 3.1 score: 5.4 (Medium severity)
Vulnerable versions: <= 2.4.4
PSID: bbb55cabc55b
Classification: Cross Site Request Forgery (CSRF)
OWASP Top 10: A5: Broken Access Control
Publicly disclosed: 2022-05-27
Details
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were discovered by Nguy Minh Tuan (Patchstack Alliance) in the WordPress Admin Management Xtended plugin (versions <= 2.4.4).
Solution
Update the WordPress Admin Management Xtended plugin to the latest available version (at least 2.4.5).
References
CVE-2022-29450
Plugin page