WordPress All In One WP Security plugin <= 5.1.0 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
CVE-2022-44737

5.4MEDIUM

Key Information:

Vendor: WordPress
Status: All-in-one Security (aiOS) – Security And Firewall (WordPress Plugin)
Vendor: CVE Published:; 22 November 2022

What is CVE-2022-44737?

Multiple Cross-Site Request Forgery vulnerabilities in All-In-One Security (AIOS) – Security and Firewall (WordPress plugin) <= 5.1.0 on WordPress.

All-In-One Security (AIOS) – Security and Firewall (WordPress plugin) <= 5.1.0

Score:

5.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Rafie Muhammad (Patchstack)