Crowdfavorite

crowdfavorite

1 CVE • 1 product

Products (1)

Click to collapse

Toggle

Progressive License

progressive_license

1 CVE

CVEs (1)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-2171 1Crowdfavorite 1Progressive License Jun 17, 2026 Aug 1, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Progressive License WordPress plugin through 1.1.0 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HT...Show more The Progressive License WordPress plugin through 1.1.0 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the settings, this could lead to Stored XSS issue which will be triggered in the frontend as well.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2022-2171

1Crowdfavorite

1Progressive License

Jun 17, 2026

Aug 1, 2022

N/A· v4

5.4 MEDIUM· v3

N/A· v2

The Progressive License WordPress plugin through 1.1.0 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the settings, this could lead to Stored XSS issue which will be triggered in the frontend as well.Show less