CVE-2022-1792
The Quick Subscribe WordPress plugin through 1.7.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack, leading to Stored XSS due to the lack of sanitisation and escaping in some of them...
CVE-2022-1792
The CVE-2022-1792 entry affects the WordPress Quick Subscribe plugin (versions up to 1.7.1). It describes a CSRF flaw in settings updates that can permit a logged-in attacker to alter settings, with Stored XSS risk due to insufficient sanitisation/escaping. Root cause: absence of CSRF checks and ...
WordPress plugin Quick Subscribe cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
Quick Subscribe <= 1.7.1 - Arbitrary Settings Update via CSRF to Stored XSS
The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack, leading to Stored XSS due to the lack of sanitisation and escaping in some of them. PoC...