Medium severity4.3NVD Advisory· Published Jan 30, 2023· Updated Jun 17, 2026
CVE-2022-4872
CVE-2022-4872
Description
The Chained Products WordPress plugin before 2.12.0 does not have authorisation and CSRF checks, as well as does not ensure that the option to be updated belong to the plugin, allowing unauthenticated attackers to set arbitrary options to 'no'
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<2.12.0+ 1 more
- (no CPE)range: <2.12.0
- (no CPE)range: <2.12.0
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/c76a1c0b-8a5b-4639-85b6-9eebc63c3aa6nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.