CVE-2022-2276 Information

Description

The WP Edit Menu WordPress plugin before 1.5.0 does not have authorisation and CSRF in an AJAX action which could allow unauthenticated attackers to delete arbitrary posts/pages from the blog

Reference

https://plugins.trac.wordpress.org/changeset?new=2749780%40wp-edit-menu%2Ftrunk&old=2220186%40wp-edit-menu%2Ftrunk https://wpscan.com/vulnerability/92de9c1b-48dd-4a5f-bbb3-455f8f172b09