Search criteria
2 vulnerabilities by wp_edit_menu_project
CVE-2022-2276 (GCVE-0-2022-2276)
Vulnerability from cvelistv5 – Published: 2022-08-22 15:00 – Updated: 2024-08-03 00:32
VLAI
Title
WP Edit Menu < 1.5.0 - Unauthenticated Arbitrary Post Deletion
Summary
The WP Edit Menu WordPress plugin before 1.5.0 does not have authorisation and CSRF in an AJAX action, which could allow unauthenticated attackers to delete arbitrary posts/pages from the blog
Severity
No CVSS data available.
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/92de9c1b-48dd-4a… | x_refsource_MISC |
| https://plugins.trac.wordpress.org/changeset?new=… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | WP Edit Menu |
Affected:
1.5.0 , < 1.5.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.597Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/92de9c1b-48dd-4a5f-bbb3-455f8f172b09"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?new=2749780%40wp-edit-menu%2Ftrunk\u0026old=2220186%40wp-edit-menu%2Ftrunk"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WP Edit Menu",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.5.0",
"status": "affected",
"version": "1.5.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Johannes Gangs\u00f6"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Edit Menu WordPress plugin before 1.5.0 does not have authorisation and CSRF in an AJAX action, which could allow unauthenticated attackers to delete arbitrary posts/pages from the blog"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-22T15:00:57.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/92de9c1b-48dd-4a5f-bbb3-455f8f172b09"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset?new=2749780%40wp-edit-menu%2Ftrunk\u0026old=2220186%40wp-edit-menu%2Ftrunk"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WP Edit Menu \u003c 1.5.0 - Unauthenticated Arbitrary Post Deletion",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-2276",
"STATE": "PUBLIC",
"TITLE": "WP Edit Menu \u003c 1.5.0 - Unauthenticated Arbitrary Post Deletion"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP Edit Menu",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.5.0",
"version_value": "1.5.0"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Johannes Gangs\u00f6"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP Edit Menu WordPress plugin before 1.5.0 does not have authorisation and CSRF in an AJAX action, which could allow unauthenticated attackers to delete arbitrary posts/pages from the blog"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/92de9c1b-48dd-4a5f-bbb3-455f8f172b09",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/92de9c1b-48dd-4a5f-bbb3-455f8f172b09"
},
{
"name": "https://plugins.trac.wordpress.org/changeset?new=2749780%40wp-edit-menu%2Ftrunk\u0026old=2220186%40wp-edit-menu%2Ftrunk",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset?new=2749780%40wp-edit-menu%2Ftrunk\u0026old=2220186%40wp-edit-menu%2Ftrunk"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2276",
"datePublished": "2022-08-22T15:00:57.000Z",
"dateReserved": "2022-06-30T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:32:09.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2275 (GCVE-0-2022-2275)
Vulnerability from cvelistv5 – Published: 2022-08-22 15:00 – Updated: 2024-08-03 00:32
VLAI
Title
WP Edit Menu <= 1.5.0 - Arbitrary Post Deletion via CSRF
Summary
The WP Edit Menu WordPress plugin before 1.5.0 does not have CSRF in an AJAX action, which could allow attackers to make a logged in admin delete arbitrary posts/pages from the blog via a CSRF attack
Severity
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/07757d1e-39ad-41… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | WP Edit Menu |
Affected:
1.5.0 , < 1.5.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.357Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/07757d1e-39ad-4199-bc7a-ecb821dfc996"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WP Edit Menu",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.5.0",
"status": "affected",
"version": "1.5.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Johannes Gangs\u00f6"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Edit Menu WordPress plugin before 1.5.0 does not have CSRF in an AJAX action, which could allow attackers to make a logged in admin delete arbitrary posts/pages from the blog via a CSRF attack"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-22T15:00:37.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/07757d1e-39ad-4199-bc7a-ecb821dfc996"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WP Edit Menu \u003c= 1.5.0 - Arbitrary Post Deletion via CSRF",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-2275",
"STATE": "PUBLIC",
"TITLE": "WP Edit Menu \u003c= 1.5.0 - Arbitrary Post Deletion via CSRF"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP Edit Menu",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.5.0",
"version_value": "1.5.0"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Johannes Gangs\u00f6"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP Edit Menu WordPress plugin before 1.5.0 does not have CSRF in an AJAX action, which could allow attackers to make a logged in admin delete arbitrary posts/pages from the blog via a CSRF attack"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/07757d1e-39ad-4199-bc7a-ecb821dfc996",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/07757d1e-39ad-4199-bc7a-ecb821dfc996"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2275",
"datePublished": "2022-08-22T15:00:37.000Z",
"dateReserved": "2022-06-30T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:32:09.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}