CVE-2022-36346: WordPress MaxButtons plugin <= 9.2 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities - Patchstack
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in the Max Foundry MaxButtons plugin <= 9.2 for WordPress.
Verified
Fixed
CVSS 3.1 score: 4.3 (Medium severity)
Software: MaxButtons
Type: Plugin
Vulnerable versions: <= 9.2
Fixed in: 9.3
PSID: b82d75299e1a
CVE ID: CVE-2022-36346
Classification: Cross Site Request Forgery (CSRF)
OWASP Top 10: A5: Broken Access Control
Credits: Muhammad Daffa (Patchstack Alliance)
Publicly disclosed: 2022-08-02
Details
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were discovered by Muhammad Daffa (Patchstack Alliance) in WordPress MaxButtons plugin (versions <= 9.2).
Solution
Update the WordPress MaxButtons plugin to the latest available version (at least 9.3).