CVE-2022-2388

MEDIUM

WP Coder < 2.5.3 - Cross-Site Request Forgery via Code Deletion

Title source: llm

Description

The WP Coder WordPress plugin before 2.5.3 does not have a CSRF check in place when deleting code created by the plugin, which could allow attackers to make a logged-in admin delete arbitrary code entries via a CSRF attack.

References (1)

Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/50acd35f-eb31-4aba-bf32-b390e9514beb

Scores

CVSS v3 6.5
EPSS 0.0036
EPSS Percentile 28.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE CWE-352
Status published
Products (1)
wow-company/wp_coder < 2.5.3
Published Aug 22, 2022
Tracked Since Feb 18, 2026