WordPress Plugin Vulnerabilities

AdRotate Banner Manager < 5.9.1 - Password Change via CSRF

Description

The plugin does not have CSRF checks in some places, which could allow attackers to make a logged admin change their password via CSRF attacks

Affects Plugins

Plugin icon
adrotate
Fixed in 5.9.1

References

CVE
CVE-2022-26366

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Muhammad Daffa
Verified
No
WPVDB ID
19efbad3-d34a-41ac-94c1-2fa2c795dbc0

Timeline

Publicly Published
2022-11-11 (about 3 years ago)
Added
2022-11-30 (about 3 years ago)
Last Updated
2022-11-30 (about 3 years ago)

Other

Published
Title
Published
2024-11-01
Title
Twitter @Anywhere Plus <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-09-05
Title
Responder < 4.4.0 - Cross-Site Request Forgery
Published
2024-12-12
Title
CK and SyntaxHighlighter <= 3.4.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2018-05-28
Title
JS Job <= 1.0.6 - CSRF
Published
2023-04-14
Title
WP EasyPay < 4.1 - CSRF