Private Messages For WordPress <= 2.1.10 – Arbitrary Message Sent via CSRF | CVE 2022-29441

Affects Plugins

private-messages-for-wordpress

No known fix

References

CVE

CVE-2022-29441

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

CVSS

4.3 (medium)

Miscellaneous

Original Researcher

BEE-K

Verified

No

WPVDB ID

07470282-b081-48b6-8f93-c396ae1b6579

Timeline

Publicly Published

2022-05-25 (about 3 years ago)

Added

2022-06-16 (about 3 years ago)

Last Updated

2023-03-18 (about 3 years ago)

Other

Published

Title

Published

2025-04-09

Title

Cross-Site Request Forgery to Stored Cross-Site Scripting

Published

2025-01-07

Title

Smoothness Slider Shortcode <= v1.2.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Published

2022-05-17

Title

Hot Linked Image Cacher <= 1.16 - Image upload/cache abuse via CSRF

Published

2025-09-22

Title

Piotnet Forms <= 1.0.30 - Cross-Site Request Forgery

Published

2025-06-16

Title

YITH PayPal Express Checkout for WooCommerce < 1.49.1 - Cross-Site Request Forgery