WordPress Plugin Vulnerabilities

All-In-One Security < 5.1.1 - Bulk Actions via CSRF

Description

The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as delete arbitrary blocked IPs) via CSRF attacks

Affects Plugins

Plugin icon
all-in-one-wp-security-and-firewall
Fixed in 5.1.1

References

CVE
CVE-2022-44737

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Rafie Muhammad
Verified
No
WPVDB ID
b3e97a48-1edd-4aa8-b654-f9b8263714e0

Timeline

Publicly Published
2022-11-22 (about 3 years ago)
Added
2022-11-22 (about 3 years ago)
Last Updated
2022-11-22 (about 3 years ago)

Other

Published
Title
Published
2014-08-01
Title
Nightlife by Templatic - CSRF File Upload
Published
2016-12-21
Title
copy-me 1.0.0 - Copy Posts Cross-Site Request Forgery (CSRF)
Published
2024-04-10
Title
UsersWP < 1.2.6 - Cross-Site Request Forgery
Published
2025-02-26
Title
School Management System – SakolaWP <= 1.0.8 - Cross-Site Request Forgery to Exam Setting Manipulation
Published
2019-12-22
Title
Rencontre <= 3.2.2 - Multiple CSRF