CVE-2022-1956
CVE-2022-1956 affects the Shortcut Macros WordPress plugin (versions up to 1.3). The root cause is missing authorization and CSRF checks when updating plugin settings, enabling any authenticated user (e.g., a subscriber) to update settings. The public documents describe a CSRF attack workflow and...