Lucene search
WPScanCVELIST:CVE-2022-1791HistoryJun 13, 2022 - 12:42 p.m.
CVE-2022-1791 One Click Plugin Updater <= 2.4.14 - Arbitrary Settings Update via CSRF
2022-06-1312:42:58
CWE-352
WPScan
www.cve.org
2
wordpress
plugin
csrf
vulnerability
update
The One Click Plugin Updater WordPress plugin through 2.4.14 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and disable / hide the badge of the available updates and the related check.
CNA Affected
[
{
"product": "One Click Plugin Updater",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "2.4.14",
"status": "affected",
"version": "2.4.14",
"versionType": "custom"
}
]
}
]Related
prion
prion
Cross site request forgery (csrf)
2022-06-13 13:15:00
cnvd
cnvd
WordPress One Click Plugin Updater pluginθ·¨η«θ―·ζ±δΌͺι ζΌζ΄
2022-06-15 00:00:00
cve
cve
CVE-2022-1791
2022-06-13 13:15:12
patchstack
patchstack
nvd
nvd
CVE-2022-1791
2022-06-13 13:15:12
wpvulndb
wpvulndb
One Click Plugin Updater <= 2.4.14 - Arbitrary Settings Update via CSRF
2022-05-23 00:00:00
wpexploit
wpexploit
One Click Plugin Updater <= 2.4.14 - Arbitrary Settings Update via CSRF
2022-05-23 00:00:00