CVE Vulnerabilities

CVE-2022-3336

Published: Nov 21, 2022 | Modified: Apr 30, 2025
CVSS 3.x
4.3
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
root.io minimus.io echohq.com

The Event Monster WordPress plugin before 1.2.0 does not have CSRF check when deleting visitors, which could allow attackers to make logged in admin delete arbitrary visitors via a CSRF attack

Affected Software

Name Vendor Start Version End Version
Event_monster Awplife * 1.2.0 (excluding)

References