WordPress Plugin Vulnerabilities

Admin Management Xtended < 2.4.5 - Multiple CSRF

Description

The plugin does not have CSRF in various places and actions, allowing attackers to make a logged in users perform unauthorised actions on their behalf via CSRF attacks

Affects Plugins

Plugin icon
admin-management-xtended
Fixed in 2.4.5

References

CVE
CVE-2022-29450

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Nguy Minh Tuan
Verified
No
WPVDB ID
307a43a1-ad06-4336-b3f4-a35ff7623a9e

Timeline

Publicly Published
2022-05-27 (about 3 years ago)
Added
2022-06-16 (about 3 years ago)
Last Updated
2023-03-16 (about 3 years ago)

Other

Published
Title
Published
2023-12-28
Title
Custom Twitter Feeds (Tweets Widget) < 2.2 - Cross-Site Request Forgery
Published
2022-08-01
Title
Download Manager < 3.2.49 - Multiple CSRF
Published
2024-06-13
Title
Schema App Structured Data < 2.2.1 - Cross-Site Request Forgery
Published
2023-11-16
Title
WP EXtra < 6.5 - Cross-Site Request Forgery ToolImport
Published
2023-03-08
Title
Daily Prayer Time < 2023.03.18 - Settings Update via CSRF