WordPress Plugin Vulnerabilities

About Me <= 1.0.12 - Subscriber+ Arbitrary Network Creation/Deletion

Description

The plugin does not have authorisation and CRSF when adding and deleting networks via AJAX actions, which could allow any authenticated users, such as subscriber to create and delete arbitrary networks

Affects Plugins

Plugin icon
about-me
No known fix

References

CVE
CVE-2022-36387

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
6.3 (medium)

Miscellaneous

Original Researcher
ptsfence
Verified
No
WPVDB ID
b35b15ae-beb4-4619-ba19-fe96f83033aa

Timeline

Publicly Published
2022-08-25 (about 3 years ago)
Added
2022-09-07 (about 3 years ago)
Last Updated
2022-09-07 (about 3 years ago)

Other

Published
Title
Published
2023-06-22
Title
Gallery Metabox <= 1.5 - Subscriber+ Unauthorized Data Access
Published
2024-07-19
Title
Atarim < 4.0.1 - Missing Authorization
Published
2025-10-30
Title
Accessibility Toolkit by WebYes < 2.0.5 - Missing Authorization
Published
2025-10-24
Title
GenerateBlocks < 2.1.2 - Contributor+ Arbitrary Options Disclosure
Published
2026-04-23
Title
BetterDocs < 4.3.12 - Missing Authorization to Authenticated (Subscriber+) Unauthorized AI API Usage