Admin Management Xtended

admin_management_xtended

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-1599 1Admin Management Xtended Project 1Admin Management Xtended Nov 21, 2024 Jul 11, 2022 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The Admin Management Xtended WordPress plugin before 2.4.5 does not have CSRF checks in some of its AJAX actions, allowing attackers to make a logged users with the right capabilities to call them. This can lead to chang...Show more The Admin Management Xtended WordPress plugin before 2.4.5 does not have CSRF checks in some of its AJAX actions, allowing attackers to make a logged users with the right capabilities to call them. This can lead to changes in post status (draft, published), slug, post date, comment status (enabled, disabled) and more.Show less
CVE-2022-29450 1Admin Management Xtended Project 1Admin Management Xtended Nov 21, 2024 Jun 15, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Admin Management Xtended plugin <= 2.4.4 at WordPress.
CVE-2015-9390 1Admin Management Xtended Project 1Admin Management Xtended Nov 21, 2024 Sep 20, 2019 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 The admin-management-xtended plugin before 2.4.0.1 for WordPress has privilege escalation because wp_ajax functions are mishandled.