CVE-2022-1956
MEDIUM
Shortcut Macros < 1.3 - Authenticated Cross-Site Request Forgery
Title source: llm
Description
The Shortcut Macros WordPress plugin through 1.3 does not have authorisation and CSRF checks in place when updating its settings, which could allow any authenticated user, such as a subscriber, to update them.
References (1)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/ef6d0393-0ce3-465c-84c8-53bf8c58958a
Scores
CVSS v3
4.3
EPSS
0.0031
EPSS Percentile
22.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-352
Status
published
Products (1)
shortcut_macros_project/shortcut_macros
< 1.3
Published
Jul 11, 2022
Tracked Since
Feb 18, 2026