CVE-2022-1956

MEDIUM

Shortcut Macros < 1.3 - Authenticated Cross-Site Request Forgery

Title source: llm

Description

The Shortcut Macros WordPress plugin through 1.3 does not have authorisation and CSRF checks in place when updating its settings, which could allow any authenticated user, such as a subscriber, to update them.

References (1)

Core References
https://wpscan.com/vulnerability/ef6d0393-0ce3-465c-84c8-53bf8c58958a
Tags: Exploit, Third Party Advisory, x_refsource_misc

Scores

CVSS v3: 4.3
EPSS: 0.0031
EPSS Percentile: 22.3%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Details

CWE: CWE-352
Status: published
Products (1): shortcut_macros_project/shortcut_macros < 1.3
Published: Jul 11, 2022
Tracked Since: Feb 18, 2026