CVE-2024-22290 HIGH

CVE-2024-22290: WordPress Custom Dashboard Widgets Plugin <= 1.3.1 is vulnerable to Cross Site Request Forgery (CSRF)

Vendor Abozain,O7Abeeb,Unitone
Product Custom Dashboard Widgets
Weakness CWE-352 · CSRF
Published January 31, 2024
Last update April 28, 2026
View on NVD All CVEs

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

Cross-Site Request Forgery (CSRF) vulnerability in AboZain,O7abeeb,UnitOne Custom Dashboard Widgets allows Cross-Site Scripting (XSS).This issue affects Custom Dashboard Widgets: from n/a through 1.3.1.

Key dates

02Disclosure timeline

January 31, 2024 CVE published
April 28, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-32745 WordPress AutomateWoo Plugin <= 5.7.1 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2024-54431 WordPress Admin Customization plugin <= 2.2 - CSRF to Stored XSS vulnerability CVE-2024-3147 DedeCMS makehtml_map.php cross-site request forgery CVE-2025-0808 Houzez Property Feed <= 2.4.21 - Cross-Site Request Forgery to Property Feed Export Deletion CVE-2021-36876 WordPress uListing plugin <= 2.0.5 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities