CVE-2022-1599 Information

Description

The Admin Management Xtended WordPress plugin before 2.4.5 does not have CSRF checks in some of its AJAX actions, allowing attackers to make logged-in users with the right capabilities call them. This can lead to changes in post status (draft, published), slug, post date, comment status (enabled, disabled) and more.

Reference

https://wpscan.com/vulnerability/4a36e876-7e3b-4a81-9f16-9ff5fbb20dd6
