CVE-2022-2388: WP Coder < 2.5.3 - Code Deletion via CSRF
First published: Mon Aug 22 2022(Updated: )
The WP Coder WordPress plugin before 2.5.3 does not have CSRF check in place when deleting code created by the plugin, which could allow attackers to make a logged in admin delete arbitrary ones via a CSRF attack
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wow-company Wp Coder | <2.5.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for the WP Coder WordPress plugin vulnerability?
The vulnerability ID for the WP Coder WordPress plugin vulnerability is CVE-2022-2388.
What is the severity of CVE-2022-2388?
The severity of CVE-2022-2388 is medium (6.5).
What is the affected software for CVE-2022-2388?
The affected software for CVE-2022-2388 is Wow-company Wp Coder plugin version up to 2.5.3 in WordPress.
How does the WP Coder WordPress plugin vulnerability occur?
The WP Coder WordPress plugin vulnerability occurs due to the lack of CSRF check when deleting code created by the plugin.
How can attackers exploit CVE-2022-2388?
Attackers can exploit CVE-2022-2388 by performing a CSRF attack to make a logged-in admin delete arbitrary code.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/title
- agent/references
- agent/severity
- agent/description
- agent/tags
- agent/first-publish-date
- agent/event
- vendor/wow-company
- canonical/wow-company wp coder