Cross-site request forgery (CSRF) vulnerability in 'MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership' versions prior to 1.9.6 allows a remote unauthenticated attacker to hijack the authentication of an administrator and perform unintended operation via unspecified vectors.
References
Link | Resource |
---|---|
https://jvn.jp/en/jp/JVN31606885/index.html | Third Party Advisory |
https://plugins.trac.wordpress.org/changeset?new=2362275%40paid-membership&old=2345274%40paid-membership | Patch Third Party Advisory |
https://wordpress.org/plugins/paid-membership/ | Product Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: jpcert
Published: 2022-04-20T01:05:12
Updated: 2022-04-20T01:05:12
Reserved: 2022-04-11T00:00:00
Link: CVE-2022-27629
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-04-20T02:15:09.220
Modified: 2022-04-29T03:59:37.147
Link: CVE-2022-27629
JSON object: View
Redhat Information
No data.
CWE