Unrated severity · NVD Advisory · Published Jul 11, 2022 · Updated Aug 3, 2024
Admin Management Xtended < 2.4.5 - Post Visibility/Date/Comment Status Update via CSRF
CVE-2022-1599
Description
The Admin Management Xtended WordPress plugin before 2.4.5 does not have CSRF checks in some of its AJAX actions, allowing attackers to make a logged-in user with the right capabilities call them. This can lead to changes in post status (draft, published), slug, post date, comment status (enabled, disabled) and more.
Affected products
- Range: 2.4.5
Patches
No patches discovered yet.
References
- wpscan.com/vulnerability/4a36e876-7e3b-4a81-9f16-9ff5fbb20dd6 (mitre, x_refsource_MISC)