VYPR
Medium severity4.3NVD Advisory· Published Jan 30, 2023· Updated Jun 17, 2026

CVE-2022-4872

CVE-2022-4872

Description

The Chained Products WordPress plugin before 2.12.0 does not have authorisation and CSRF checks, as well as does not ensure that the option to be updated belong to the plugin, allowing unauthenticated attackers to set arbitrary options to 'no'

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.