PT-2022-24578 · WordPress · Wp Tools Increase Maximum Limits

Lana Codes · Published 2022-12-12 · Updated 2022-12-14 · CVE-2022-3881

CVSS v3.1: 5.7 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascript errors, File Permissions, Transients, Error Log WordPress plugin versions prior to 3.43

Description: The issue is related to improper authorization and CSRF in an AJAX action, allowing any authenticated user to install and activate arbitrary plugins from wordpress.org. This can be exploited by authenticated users, such as subscribers.

Recommendations: For versions prior to 3.43, update to version 3.43 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX action to prevent unauthorized plugin installations.

Exploit

Fix

Incorrect Authorization

CSRF

Weakness Enumeration

Related Identifiers: CVE-2022-3881

Affected Products: Wp Tools Increase Maximum Limits