CVE-2022-1626

CVE-2022-1626: Sharebar <= 1.4.1 - Arbitrary Settings Update to Stored XSS via CSRF

Vendor Unknown

Product Sharebar

Weakness CWE-352 · CSRF

Published July 11, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Sharebar WordPress plugin through 1.4.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and also lead to Stored Cross-Site Scripting issue due to the lack of sanitisation and escaping in some of them

Key dates

02Disclosure timeline

July 11, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1626 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

04Related CVE

CVE-2022-47177 WordPress WP EasyPay Plugin <= 4.1 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2021-21241 CSRF can expose users authentication token in Flask-Security-Too CVE-2025-54702 WordPress Ebook Store Plugin plugin <= 5.8013 - Cross Site Request Forgery (CSRF) Vulnerability CVE-2023-47531 WordPress Droit Dark Mode Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2023-48284 WordPress Decorator – WooCommerce Email Customizer Plugin <= 1.2.7 is vulnerable to Cross Site Request Forgery (CSRF)