Ad Invalid Click Protector (AICP) < 1.2.7 - Arbitrary Ban Deletion via CSRF
CVE-2022-0191
6.5MEDIUM
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 2 May 2022
What is CVE-2022-0191?
The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.7 does not have CSRF check deleting banned users, which could allow attackers to make a logged in admin remove arbitrary bans
Affected Version(s)
Ad Invalid Click Protector (AICP) 1.2.7