CVE-2022-1957

Comment License < 1.4.0 - Arbitrary Settings Update via CSRF

EPSS 0.4%CWE-352

The Comment License WordPress plugin before 1.4.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Productos afectados

Unknown · Comment License

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://wpscan.com/vulnerability/ad3f6f3d-e12c-4867-906c-73aa001c7351