cleantalk
Vulnerabilities and Security Researches

Admin Management Xtended, CVE-2022-1599

CVE, Research URL

CVE-2022-1599

Home page URL

Security reports for Admin Management Xtended

Application

Admin Management Xtended

Published on
Jul 11, 2022
Research Description
The Admin Management Xtended WordPress plugin before 2.4.5 does not have CSRF checks in some of its AJAX actions, allowing attackers to make a logged users with the right capabilities to call them. This can lead to changes in post status (draft, published), slug, post date, comment status (enabled, disabled) and more.
Affected versions
max 2.4.5.
Status
vulnerable
Previous vulnerability researches
Admin Management Xtended (CVE-2025-62965) , Nov 11, 2025
Admin Management Xtended (CVE-2024-49307) , Oct 19, 2024
Admin Management Xtended (CVE-2022-1599) , Jun 07, 2024
Admin Management Xtended (CVE-2015-9390) , Jun 07, 2024
Admin Management Xtended (CVE-2022-29450) , Jun 07, 2024
New vulnerability
Master Blocks – Ultimate Gutenberg Blocks for Marketers (CVE-2025-10896) , Nov 11, 2025
Reuse Builder (CVE-2025-11812) , Nov 11, 2025
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) (CVE-2025-11823) , Nov 11, 2025
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) (CVE-2025-12493) , Nov 11, 2025
Gravity Forms Google Sheet Connector (CVE-2025-8606) , Nov 11, 2025