CVE-2022-1967

Name of the Vulnerable Software and Affected Versions WP Championship WordPress plugin versions prior to 9.3

Description The issue is related to the lack of CSRF checks in various places within the plugin, allowing attackers to make a logged-in admin perform unwanted actions. These actions include creating and deleting arbitrary teams, as well as updating the plugin's settings. Additionally, due to the lack of sanitization and escaping, this could also lead to Stored Cross-Site Scripting issues.

Recommendations For versions prior to 9.3, update to version 9.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings and team management features to minimize the risk of exploitation. Avoid using the plugin until the issue is resolved.