Vulnerabilities and security researches foradmin-management-xtended admin-management-xtended

Nov 11, 2025

CVE, Research URL: CVE-2025-62965
Home page URL: Security reports for Admin Management Xtended
Application: Admin Management Xtended
Date: Oct 27, 2025
Research Description: Missing Authorization vulnerability in wpseek Admin Management Xtended admin-management-xtended allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin Management Xtended : from n/a through <= 2.5.1.
Affected versions: max 2.5.1.
Status: vulnerable

Oct 19, 2024

CVE, Research URL: CVE-2024-49307
Home page URL: Security reports for Admin Management Xtended
Application: Admin Management Xtended
Date: Oct 18, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Oliver Schlöbe Admin Management Xtended allows Stored XSS.This issue affects Admin Management Xtended: from n/a through 2.4.6.
Affected versions: max 2.4.6.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: CVE-2022-1599
Home page URL: Security reports for Admin Management Xtended
Application: Admin Management Xtended
Date: Jul 11, 2022
Research Description: The Admin Management Xtended WordPress plugin before 2.4.5 does not have CSRF checks in some of its AJAX actions, allowing attackers to make a logged users with the right capabilities to call them. This can lead to changes in post status (draft, published), slug, post date, comment status (enabled, disabled) and more.
Affected versions: max 2.4.5.
Status: vulnerable

CVE, Research URL: CVE-2015-9390
Home page URL: Security reports for Admin Management Xtended
Application: Admin Management Xtended
Date: Sep 20, 2019
Research Description: The admin-management-xtended plugin before 2.4.0.1 for WordPress has privilege escalation because wp_ajax functions are mishandled.
Affected versions: max 2.4.1.
Status: vulnerable

CVE, Research URL: CVE-2022-29450
Home page URL: Security reports for Admin Management Xtended
Application: Admin Management Xtended
Date: Jun 16, 2022
Research Description: Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Admin Management Xtended plugin <= 2.4.4 at WordPress.
Affected versions: max 2.4.5.
Status: vulnerable