CVE-2022-1599
Admin Management Xtended < 2.4.5 - Post Visibility/Date/Comment Status Update via CSRF
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS —EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
11 jul 2022Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The Admin Management Xtended WordPress plugin before 2.4.5 does not have CSRF checks in some of its AJAX actions, allowing attackers to make a logged users with the right capabilities to call them. This can lead to changes in post status (draft, published), slug, post date, comment status (enabled, disabled) and more.
Productos afectados
Unknown · Admin Management Xtended¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →