3 matches found
CVE-2022-1624
The Latest Tweets Widget WordPress plugin through 1.1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2022-1624 Latest Tweets Widget <= 1.1.4 - Arbitrary Settings Update via CSRF
The Latest Tweets Widget WordPress plugin through 1.1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2022-1624
Summary: CVE-2022-1624 affects the WordPress plugin Latest Tweets Widget (versions ≤ 1.1.4). The flaw is a missing CSRF check when updating settings, which could let a logged-in admin be manipulated via CSRF. Sources across NVD, Red Hat, CNVD, CVE List, WPVulnDB, CNNVD and PatchStack corroborate ...