CVE-2022-3881

MEDIUM Year: 2022
CVSS v3 Score
5.7
Medium
Weakness Type
CWE-352
View all →

Vulnerability Description

The WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascript errors, File Permissions, Transients, Error Log WordPress plugin before 3.43 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org

Related Vulnerabilities

CVE-2016-4315

MEDIUM
CVSS:5.7(Medium)

Cross-site request forgery (CSRF) vulnerability in WSO2 Carbon 4.4.5 allows remote attackers to hijack the authentication of privileged users for requests that shutdown a server via a shutdown action ...

CWE-3522016

CVE-2017-14956

MEDIUM
CVSS:5.7(Medium)

AlienVault USM v5.4.2 and earlier offers authenticated users the functionality of exporting generated reports via the "/ossim/report/wizard_email.php" script. Besides offering an export via a local do...

CWE-3522017

CVE-2017-5528

MEDIUM
CVSS:5.7(Medium)

Multiple JasperReports Server components contain vulnerabilities which may allow authorized users to perform cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. The impact of thi...

CWE-3522017

CVE-2019-14680

MEDIUM
CVSS:5.7(Medium)

The admin-renamer-extended (aka Admin renamer extended) plugin 3.2.1 for WordPress allows wp-admin/plugins.php?page=admin-renamer-extended/admin.php CSRF.

CWE-3522019

CVE-2019-14683

MEDIUM
CVSS:5.7(Medium)

The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF.

CWE-3522019

CVE-2019-7730

MEDIUM
CVSS:5.7(Medium)

MyWebSQL 3.7 has a Cross-site request forgery (CSRF) vulnerability for deleting a database via the /?q=wrkfrm&type=databases URI.

CWE-3522019