CVE-2022-29450 MEDIUM

CVE-2022-29450: WordPress Admin Management Xtended plugin <= 2.4.4 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Vendor Oliver Schlöbe
Product Admin Management Xtended (WordPress plugin)
Weakness CWE-352 · CSRF
Published June 15, 2022
Last update April 28, 2026
View on NVD All CVEs

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

What the vulnerability does

01Description

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Admin Management Xtended plugin <= 2.4.4 at WordPress.

Key dates

02Disclosure timeline

June 15, 2022 CVE published
April 28, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-30549 WordPress Yummly Rich Recipes plugin <= 4.2 - Cross Site Request Forgery (CSRF) vulnerability CVE-2024-13720 WP Image Uploader <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion CVE-2022-47139 WordPress WP Basic Elements Plugin <= 5.2.15 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2021-37198 CVE-2026-39640 WordPress Theme Editor plugin <= 3.2 - Cross Site Request Forgery (CSRF) to Remote Code Execution vulnerability