CVE-2022-3538

CVE-2022-3538: Webmaster Tools Verification <= 1.2 - Unauthenticated Arbitrary Plugin Deactivation

Vendor Unknown

Product Webmaster Tools Verification

Weakness CWE-862 · Missing authorization

Published November 14, 2022

Last update April 30, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Webmaster Tools Verification WordPress plugin through 1.2 does not have authorisation and CSRF checks when disabling plugins, allowing unauthenticated users to disable arbitrary plugins

Key dates

02Disclosure timeline

November 14, 2022 CVE published

April 30, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-3538 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/862.html

Related vulnerabilities

04Related CVE

CVE-2026-39562 WordPress Client Invoicing by Sprout Invoices plugin <= 20.8.10 - Broken Access Control vulnerability CVE-2024-33558 WordPress XStore Core plugin <= 5.3.5 - Limited Arbitrary File Download vulnerability CVE-2022-47604 WordPress AJAX Thumbnail Rebuild plugin <= 1.13 - Broken Access Control vulnerability CVE-2026-2263 Hustle – Email Marketing, Lead Generation, Optins, Popups <= 7.8.10.2 - Missing Authorization to Unauthenticated Conversion Tracking Data Manipulation CVE-2025-30797 WordPress Greek Multi Tool – Fix peralinks, accents, auto create menus and more plugin <= 2.3.1 - Broken Access Control Vulnerability