CVE-2022-1599

Name of the Vulnerable Software and Affected Versions Admin Management Xtended WordPress plugin versions prior to 2.4.5

Description The issue allows attackers to make logged-in users with the right capabilities call certain AJAX actions without proper CSRF checks. This can lead to unauthorized changes in post status, slug, post date, comment status, and more.

Recommendations For versions prior to 2.4.5, update to version 2.4.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX actions that are missing CSRF checks until a patch is applied.