"TITLE":"Admin Management Xtended < 2.4.5 - Post Visibility/Date/Comment Status Update via CSRF"
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"generator":"WPScan CVE Generator",
"affects":{
"vendor":{
"vendor_data":[
{
"vendor_name":"Unknown",
"product":{
"product_data":[
{
"product_name":"Admin Management Xtended",
"version":{
"version_data":[
{
"version_affected":"<",
"version_name":"2.4.5",
"version_value":"2.4.5"
}
]
}
}
]
}
}
]
}
},
"description":{
"description_data":[
{
"lang":"eng",
"value":"The Admin Management Xtended WordPress plugin before 2.4.5 does not have CSRF checks in some of its AJAX actions, allowing attackers to make a logged-in user with the right capabilities call them. This can lead to changes in post status (draft, published), slug, post date, comment status (enabled, disabled) and more."