CVE-2022-1792

CVE-2022-1792: Quick Subscribe <= 1.7.1 - Arbitrary Settings Update via CSRF to Stored XSS

Vendor Unknown

Product Quick Subscribe

Weakness CWE-352 · CSRF

Published June 13, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Quick Subscribe WordPress plugin through 1.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and leading to Stored XSS due to the lack of sanitisation and escaping in some of them

Key dates

02Disclosure timeline

June 13, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1792

Related vulnerabilities

04Related CVE

CVE-2022-23601 CSRF token missing in Symfony CVE-2024-43287 WordPress Brevo plugin <= 3.1.82 - Cross Site Request Forgery (CSRF) vulnerability CVE-2022-47142 WordPress Mediamatic – Media Library Folders Plugin <= 2.8.1 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2025-62107 WordPress Feather Login Page plugin <= 1.1.7 - Cross Site Request Forgery (CSRF) vulnerability CVE-2025-8481 Blog Designer For Elementor – Post Slider, Post Carousel, Post Grid <= 1.1.7 - Cross-Site Request Forgery