Security Advisory

CVE-2022-3677

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-12-05 16:50:30

Last updated 2025-04-24 13:33:51

Assigner WPScan

State PUBLISHED

Description

The Advanced Import WordPress plugin before 1.3.8 does not have CSRF check when installing and activating plugins, which could allow attackers to make a logged in admin install arbitrary plugins from WordPress.org, and activate arbitrary ones from the blog via CSRF attacks

← Browse all CVEs View on cve.org ↗