CVE-2022-2276

MEDIUM

WP Edit Menu < 1.5.0 - Unauthenticated Arbitrary Post Deletion via AJAX Action

Title source: llm
STIX 2.1

Description

The WP Edit Menu WordPress plugin before 1.5.0 does not have authorisation and CSRF in an AJAX action, which could allow unauthenticated attackers to delete arbitrary posts/pages from the blog

References (2)

Core 2

Scores

CVSS v3 4.3
EPSS 0.0034
EPSS Percentile 25.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Details

CWE
CWE-352 CWE-862
Status published
Products (1)
wp_edit_menu_project/wp_edit_menu < 1.5.0
Published Aug 22, 2022
Tracked Since Feb 18, 2026