CVE-2022-2388

Summary

The WP Coder WordPress plugin before 2.5.3 does not have CSRF check in place when deleting code created by the plugin, which could allow attackers to make a logged in admin delete arbitrary ones via a CSRF attack

Affected Software

VendorProductVersion RangeStatus
UnknownWP Coder – add custom html, css and js code2.5.3 < 2.5.3affected

Weaknesses

  • CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)

ADP Enrichment

CVE Program Container

Additional References

References