CVE-2022-1956

CVE-2022-1956: Shortcut Macros <= 1.3 - Subscriber+ Arbitrary Settings Update

Vendor Unknown

Product Shortcut Macros

Weakness CWE-352 · CSRF

Published July 11, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Shortcut Macros WordPress plugin through 1.3 does not have authorisation and CSRF checks in place when updating its settings, which could allow any authenticated users, such as subscriber, to update them.

Key dates

02Disclosure timeline

July 11, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1956 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

04Related CVE

CVE-2025-31814 WordPress OwnerRez Plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability CVE-2024-13518 Simple:Press <= 6.10.12 - Cross-Site Request Forgery to Unauthorized Post Editing CVE-2022-45847 WordPress Countdown Widget plugin <= 3.1.9.1 - Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) CVE-2023-41129 WordPress Patreon WordPress Plugin <= 1.8.6 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2025-58853 WordPress Popping Sidebars and Widgets Light Plugin <= 1.27 - Cross Site Request Forgery (CSRF) Vulnerability