CVE-2022-1790

MEDIUM

New User Email Set Up < 0.5.2 - Cross-Site Request Forgery in Settings Update

Title source: llm
STIX 2.1

Description

The New User Email Set Up WordPress plugin through 0.5.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/176d5761-4f01-4173-a70c-6052a6a9963e

Scores

CVSS v3 6.5
EPSS 0.0051
EPSS Percentile 39.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE
CWE-352
Status published
Products (1)
new_user_email_set_up_project/new_user_email_set_up < 0.5.2
Published Jun 13, 2022
Tracked Since Feb 18, 2026