CVE-2022-1573

CVE-2022-1573: HTML2WP <= 1.0.0 - Arbitrary Settings Update via CSRF

Vendor Unknown

Product HTML2WP

Weakness CWE-352 · CSRF

Published June 27, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The HTML2WP WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them

Key dates

02Disclosure timeline

June 27, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1573 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

04Related CVE

CVE-2024-2483 Surya2Developer Hostel Management Service Password Change change-password.php cross-site request forgery CVE-2024-22290 WordPress Custom Dashboard Widgets Plugin <= 1.3.1 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2023-25991 WordPress RegistrationMagic Plugin <= 5.1.9.2 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2012-10010 BestWebSoft Contact Form contact_form.php cntctfrm_settings_page cross-site request forgery CVE-2022-47149 WordPress Shortlinks by Pretty Links Plugin <= 3.4.0 is vulnerable to Cross Site Request Forgery (CSRF)