Lucene search
K

CVE-2022-1956

🗓️ 11 Jul 2022 12:56:58Reported by WPScanType 
cve
 cve
🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 63 Views🌐 WEB

The Shortcut Macros WordPress plugin lacks authorization and CSRF checks, allowing authenticated users to update settings

Related
Detection
Affected
Refs
Paths
Social
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2022-1956
11 Jul 202213:15
attackerkb
Circl
CVE-2022-1956
11 Jul 202216:19
circl
CNNVD
WordPress pluginShortcut Macros 跨站请求伪造漏洞
11 Jul 202200:00
cnnvd
CNVD
WordPress Shortcut Macros plugin跨站请求伪造漏洞
13 Jul 202200:00
cnvd
Cvelist
CVE-2022-1956 Shortcut Macros <= 1.3 - Subscriber+ Arbitrary Settings Update
11 Jul 202212:56
cvelist
EUVD
EUVD-2022-25224
3 Oct 202520:07
euvd
NVD
CVE-2022-1956
11 Jul 202213:15
nvd
OSV
CVE-2022-1956
11 Jul 202213:15
osv
Prion
Cross site request forgery (csrf)
11 Jul 202213:15
prion
Positive Technologies
PT-2022-14216 · WordPress · Shortcut Macros
11 Jul 202200:00
ptsecurity
Rows per page
NVD
Vulners
[
  {
    "product": "Shortcut Macros",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThanOrEqual": "1.3",
        "status": "affected",
        "version": "1.3",
        "versionType": "custom"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
ak_actionrequest bodywp-admin/options-general.phpLacks authorization and CSRF protections allowing any authenticated user to modify plugin/settings via POST to WordPress options-general.php.CWE-352
aksm_k_1request bodywp-admin/options-general.phpLacks authorization and CSRF protections allowing any authenticated user to modify plugin/settings via POST to WordPress options-general.php.CWE-352
aksm_v_1request bodywp-admin/options-general.phpLacks authorization and CSRF protections allowing any authenticated user to modify plugin/settings via POST to WordPress options-general.php.CWE-352
submit_buttonrequest bodywp-admin/options-general.phpLacks authorization and CSRF protections allowing any authenticated user to modify plugin/settings via POST to WordPress options-general.php.CWE-352

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 04:23Current
5.3Medium risk
Vulners AI Score5.3
CVSS 24
CVSS 3.14.3
EPSS0.00305
63