Filtered by vendor Admin Management Xtended Project
Subscribe
Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-1599 | 1 Admin Management Xtended Project | 1 Admin Management Xtended | 2022-07-15 | 4.3 MEDIUM | 6.5 MEDIUM |
The Admin Management Xtended WordPress plugin before 2.4.5 does not have CSRF checks in some of its AJAX actions, allowing attackers to make a logged users with the right capabilities to call them. This can lead to changes in post status (draft, published), slug, post date, comment status (enabled, disabled) and more. | |||||
CVE-2022-29450 | 1 Admin Management Xtended Project | 1 Admin Management Xtended | 2022-06-24 | 6.8 MEDIUM | 8.8 HIGH |
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Admin Management Xtended plugin <= 2.4.4 at WordPress. | |||||
CVE-2015-9390 | 1 Admin Management Xtended Project | 1 Admin Management Xtended | 2019-09-23 | 4.0 MEDIUM | 4.3 MEDIUM |
The admin-management-xtended plugin before 2.4.0.1 for WordPress has privilege escalation because wp_ajax functions are mishandled. |