CVE-2022-1591

State: PUBLISHED · Published: 2022-09-19 · Updated: 2024-08-03 · Assigner: WPScan

Description

The WordPress Ping Optimizer WordPress plugin before 2.35.1.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

CWE

CWE-352 — CWE-352 Cross-Site Request Forgery (CSRF)

Affected

Unknown / WordPress Ping Optimizer — v=2.35.1.3.0 <2.35.1.3.0 [affected]

CVSS

(none)

References

https://wpscan.com/vulnerability/b1a52c7e-3422-40dd-af5a-ea4c622a87aa x_refsource_MISC

Source

cvelistV5-main/cves/2022/1xxx/CVE-2022-1591.json