← volver
CVE-2022-2276

WP Edit Menu < 1.5.0 - Unauthenticated Arbitrary Post Deletion

EPSS 0.3%CWE-352CWE-862
The WP Edit Menu WordPress plugin before 1.5.0 does not have authorisation and CSRF in an AJAX action, which could allow unauthenticated attackers to delete arbitrary posts/pages from the blog
Productos afectados
Unknown · WP Edit Menu

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://plugins.trac.wordpress.org/changeset?new=2749780%40wp-edit-menu%2Ftrunk&old=2220186%40wp-edit-menu%2Ftrunkhttps://wpscan.com/vulnerability/92de9c1b-48dd-4a5f-bbb3-455f8f172b09