Vulnerabilities > CVE-2022-2276 - Missing Authorization vulnerability in WP Edit Menu Project WP Edit Menu

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
LOW
Availability impact
NONE
network
low complexity
wp-edit-menu-project
CWE-862
NVD
Published: 2022-08-22
Updated: 2023-07-24

Summary

The WP Edit Menu WordPress plugin before 1.5.0 does not have authorisation and CSRF in an AJAX action, which could allow unauthenticated attackers to delete arbitrary posts/pages from the blog

Vulnerable Configurations

Part Description Count
Application
Wp_Edit_Menu_Project
1

Common Weakness Enumeration (CWE)

References