Security Advisory

CVE-2022-1967

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-07-04 13:05:56

Last updated 2024-08-03 00:24:43

Assigner WPScan

State PUBLISHED

Description

The WP Championship WordPress plugin before 9.3 is lacking CSRF checks in various places, allowing attackers to make a logged in admin perform unwanted actions, such as create and delete arbitrary teams as well as update the plugins settings. Due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues

← Browse all CVEs View on cve.org ↗