The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan WordPress plugin before 4.20 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2022-12-12T17:54:54.003Z
Updated: 2024-08-03T01:20:58.887Z
Reserved: 2022-11-07T16:28:07.354Z
Link: CVE-2022-3880
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-12-12T18:15:11.127
Modified: 2023-11-07T03:51:55.100
Link: CVE-2022-3880
Redhat
No data.