Unrated severityNVD Advisory· Published Jun 13, 2022· Updated Aug 3, 2024

Quick Subscribe <= 1.7.1 - Arbitrary Settings Update via CSRF to Stored XSS

CVE-2022-1792

Description

The Quick Subscribe WordPress plugin through 1.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and leading to Stored XSS due to the lack of sanitisation and escaping in some of them

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

WordPress/Quick Subscribe plugindescription
WordPress/Quick Subscribellm-create
Range: <=1.7.1

Patches

Vulnerability mechanics

References

wpscan.com/vulnerability/44555c79-480d-4b6a-9fda-988183c06909mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000