CVE-2022-1790

CVE-2022-1790: New User Email Set Up <= 0.5.2 - Arbitrary Settings Update via CSRF

Vendor Unknown

Product New User Email Set Up

Weakness CWE-352 · CSRF

Published June 13, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The New User Email Set Up WordPress plugin through 0.5.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Key dates

02Disclosure timeline

June 13, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1790 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

04Related CVE

CVE-2025-47459 WordPress WP Fundraising Donation and Crowdfunding Platform plugin <= 1.7.3 - Cross Site Request Forgery (CSRF) Vulnerability CVE-2026-22800 PILOS affected by a CSRF via GET request allows unintentional termination of all active video conferences CVE-2025-6865 DaiCuo index cross-site request forgery CVE-2025-47596 WordPress Beacon Lead Magnets and Lead Capture plugin <= 1.5.8 - Cross Site Request Forgery (CSRF) vulnerability CVE-2023-5382 Funnelforms Free <= 3.4 - Cross-Site Request Forgery to Arbitrary Post Deletion