WordPress Plugin Vulnerabilities

Access Demo Importer < 1.0.8 - Arbitrary Plugin Activation via CSRF

Description

The plugin does not have CSRF check in place when activating installed plugins, which could allow an attacker to make a logged in admin perform such action via a CSRF attack

Affects Plugins

Plugin icon
access-demo-importer
Fixed in 1.0.8

References

CVE
CVE-2022-23975

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
6.5 (medium)

Miscellaneous

Original Researcher
Ex.Mi
Verified
Yes
WPVDB ID
49fb8257-559a-4b98-83fe-52d5b7e6a27c

Timeline

Publicly Published
2022-01-24 (about 4 years ago)
Added
2022-04-18 (about 4 years ago)
Last Updated
2022-04-19 (about 4 years ago)

Other

Published
Title
Published
2023-02-21
Title
WP OAuth Server < 4.2.5 - Arbitrary Post Deletion via CSRF
Published
2026-02-14
Title
Theme Editor <= 3.2 - Cross-Site Request Forgery
Published
2023-04-05
Title
WCFM Marketplace < 3.5.0 - Multiple CSRF
Published
2025-11-20
Title
AuthorSure <= 2.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2023-03-15
Title
Contact Form 7 Redirect & Thank You Page < 1.0.4 - Cross-Site Request Forgery