The Shortcut Macros WordPress plugin through 1.3 does not have authorisation and CSRF checks in place when updating its settings, which could allow any authenticated users, such as subscriber, to update them.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/ef6d0393-0ce3-465c-84c8-53bf8c58958a | Exploit Third Party Advisory |
https://wpscan.com/vulnerability/ef6d0393-0ce3-465c-84c8-53bf8c58958a | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 06:41
Type | Values Removed | Values Added |
---|---|---|
References | () https://wpscan.com/vulnerability/ef6d0393-0ce3-465c-84c8-53bf8c58958a - Exploit, Third Party Advisory |
Information
Published : 2022-07-11 13:15
Updated : 2024-11-21 06:41
NVD link : CVE-2022-1956
Mitre link : CVE-2022-1956
CVE.ORG link : CVE-2022-1956
JSON object : View
Products Affected
shortcut_macros_project
- shortcut_macros
CWE
CWE-352
Cross-Site Request Forgery (CSRF)