What the vulnerability does
01Description
The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.7 does not have CSRF check deleting banned users, which could allow attackers to make a logged in admin remove arbitrary bans
CVE-2022-0191
CVE-2022-0191: Ad Invalid Click Protector (AICP) < 1.2.7 - Arbitrary Ban Deletion via CSRF
CVSS base score
—
Key dates
02Disclosure timeline
May 2, 2022
CVE published
August 2, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2024-49294 WordPress WpBusTicketly plugin <= 5.4.3 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-13511 Variation Swatches for WooCommerce 1.0.8 - 1.3.2 - Cross-Site Request Forgery to Plugin Settings Reset
CVE-2021-23163
CVE-2023-25029 WordPress WP Social Bookmarking Light Plugin <= 2.0.7 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-6474 PHPGurukul Nipah Virus Testing Management System manage-phlebotomist.php cross-site request forgery
