CVE-2022-1203

Published: May 30, 2022Modified: Jun 17, 2026

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, as well as does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as subscriber could modify arbitrary blog options

Affected (1)

Products: Content Mask Project: Content Mask

Content Mask Project

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Content Mask Project Content Mask	Before 1.8.4.1

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://wpscan.com/vulnerability/3c9969e5-ca8e-4e5d-a482-c6b5c4257820

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/3c9969e5-ca8e-4e5d-a482-c6b5c4257820

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.