Search Results | AttackerKB

Show filters

Topics 3 Users 9,731

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

3 Total Results

Displaying 1-3 of 3

Attacker Value

Unknown

CVE-2022-1599

Disclosure Date: July 11, 2022 (last updated February 24, 2025)

The Admin Management Xtended WordPress plugin before 2.4.5 does not have CSRF checks in some of its AJAX actions, allowing attackers to make a logged users with the right capabilities to call them. This can lead to changes in post status (draft, published), slug, post date, comment status (enabled, disabled) and more.

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2022-29450

Disclosure Date: May 27, 2022 (last updated February 23, 2025)

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Admin Management Xtended plugin <= 2.4.4 at WordPress.

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2015-9390

Disclosure Date: September 20, 2019 (last updated November 27, 2024)

The admin-management-xtended plugin before 2.4.0.1 for WordPress has privilege escalation because wp_ajax functions are mishandled.

Attack Vector: Network Privileges: Low User Interaction: None

0