CVE-2022-1957

CVE-2022-1957: Comment License < 1.4.0 - Arbitrary Settings Update via CSRF

Vendor Unknown
Product Comment License
Weakness CWE-352 · CSRF
Published July 11, 2022
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

The Comment License WordPress plugin before 1.4.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Key dates

02Disclosure timeline

July 11, 2022 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2022-0197 Cross-Site Request Forgery (CSRF) in phoronix-test-suite/phoronix-test-suite CVE-2022-40686 WordPress Creative Mail plugin <= 1.5.4 - Cross-Site Request Forgery (CSRF) vulnerability CVE-2023-25708 WordPress WP VR – 360 Panorama and Virtual Tour Builder For WordPress Plugin <= 8.2.7 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2023-0831 Under Construction <= 3.96 - Cross-Site Request Forgery via admin_action_ucp_dismiss_notice CVE-2025-28897 WordPress Domain Theme plugin <= 1.3 - CSRF to Stored XSS vulnerability