CVE-2022-1757

CVE-2022-1757: Pagebar < 2.70 - Arbitrary Settings Update via CSRF to Stored XSS

Vendor Unknown

Product pagebar

Weakness CWE-352 · CSRF

Published July 11, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The pagebar WordPress plugin before 2.70 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of sanitisation in some of them, it could also lead to Stored XSS issues

Key dates

02Disclosure timeline

July 11, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1757 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

04Related CVE

CVE-2023-6474 PHPGurukul Nipah Virus Testing Management System manage-phlebotomist.php cross-site request forgery CVE-2025-22571 WordPress Instabot plugin <= 1.10 - CSRF to Stored XSS vulnerability CVE-2024-0592 Related Posts for WordPress <= 2.2.1 - Cross-Site Request Forgery CVE-2022-4936 WCFM Marketplace <= 3.4.12 - Cross-Site Request Forgery CVE-2026-42645 WordPress Barcode Scanner with Inventory & Order Manager plugin <= 1.11.0 - Cross Site Request Forgery (CSRF) vulnerability