Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Admin Management Xtended < 2.4.5 - Post Visibility/Date/Comment Status Update via CSRF
Vulnerability Description
The Admin Management Xtended WordPress plugin before 2.4.5 does not have CSRF checks in some of its AJAX actions, allowing attackers to make a logged users with the right capabilities to call them. This can lead to changes in post status (draft, published), slug, post date, comment status (enabled, disabled) and more.
CVSS Information
N/A
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
WordPress plugin Admin Management Xtended 跨站请求伪造漏洞
Vulnerability Description
WordPress等都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。Xtend等都是Eclipse基金会的产品。Xtend是一款Java虚拟机的通用高级编程语言。WordPress plugin是一个应用插件。 WordPress plugin Admin Management Xtended 2.4.5之前的版本存在安全漏洞,该漏洞源于在更新其设置时没有进行 CSRF 检查,攻击者利用该漏洞可以具有调用它们的能力。
CVSS Information
N/A
Vulnerability Type
N/A