CVE-2022-1112

Summary

The Autolinks WordPress plugin through 1.0.1 does not have CSRF check in place when updating its settings, and does not sanitise as well as escape them, which could allow attackers to perform Stored Cross-Site scripting against a logged in admin via a CSRF attack

Affected Software

VendorProductVersion RangeStatus
UnknownAutolinks1.0.1 <= 1.0.1affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)
  • CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)

ADP Enrichment

CVE Program Container

Additional References

References