CVE-2022-1761

CVE-2022-1761: Peter’s Collaboration E-mails <= 2.2.0 - Arbitrary Settings Update via CSRF

Vendor Unknown

Product Peter’s Collaboration E-mails

Weakness CWE-352 · CSRF

Published June 13, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Peter’s Collaboration E-mails WordPress plugin through 2.2.0 is vulnerable to CSRF due to missing nonce checks. This allows the change of its settings, which can be used to lower the required user level, change texts, the used email address and more.

Key dates

02Disclosure timeline

June 13, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1761 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

04Related CVE

CVE-2021-3944 Cross-Site Request Forgery (CSRF) in bookstackapp/bookstack CVE-2024-37431 WordPress Mesmerize theme <= 1.6.120 - Cross Site Request Forgery (CSRF) vulnerability CVE-2020-13569 CVE-2024-12634 Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins <= 2.0.59 - Cross-Site Request Forgery to Stored Cross-Site Scripting CVE-2023-48282 WordPress Taxonomy filter Plugin <= 2.2.9 is vulnerable to Cross Site Request Forgery (CSRF)