Medium severity6.5NVD Advisory· Published Jul 4, 2022· Updated Jun 17, 2026
CVE-2022-1967
CVE-2022-1967
Description
The WP Championship WordPress plugin before 9.3 is lacking CSRF checks in various places, allowing attackers to make a logged in admin perform unwanted actions, such as create and delete arbitrary teams as well as update the plugin's settings. Due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/WP Championshipdescription
- Range: <9.3
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/02d25736-c796-49bd-b774-66e0e3fcf4c9nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.