CVE-2022-1956 Vulnerability Details
/
/
/
CVE-2022-1956 Metadata Quick Info
CVE Published: 11/07/2022 |
CVE Updated: 03/08/2024 |
CVE Year: 2022
Source: WPScan |
Vendor: Unknown |
Product: Shortcut Macros
Status : PUBLISHED
CVE-2022-1956 Description
The Shortcut Macros WordPress plugin through 1.3 does not have authorisation and CSRF checks in place when updating its settings, which could allow any authenticated users, such as subscriber, to update them.
Metrics
CVSS Version: 3.1 |
Base Score: n/a
Vector: n/a
l➤ Exploitability Metrics:
Attack Vector (AV)*
Attack Complexity (AC)*
Privileges Required (PR)*
User Interaction (UI)*
Scope (S)*
l➤ Impact Metrics:
Confidentiality Impact (C)*
Integrity Impact (I)*
Availability Impact (A)*
Weakness Enumeration (CWE)
CWE-ID: CWE-352
CWE Name: CWE-352 Cross-Site Request Forgery (CSRF)
Source: Unknown
Common Attack Pattern Enumeration and Classification (CAPEC)
CAPEC-ID:
CAPEC Description: