CVE-2022-1761
Peter’s Collaboration E-mails <= 2.2.0 - Arbitrary Settings Update via CSRF
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS —EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
13 jun 2022Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The Peter’s Collaboration E-mails WordPress plugin through 2.2.0 is vulnerable to CSRF due to missing nonce checks. This allows the change of its settings, which can be used to lower the required user level, change texts, the used email address and more.
Productos afectados
Unknown · Peter’s Collaboration E-mails