CVE-2022-1761: Peter’s Collaboration E-mails <= 2.2.0 - Arbitrary Settings Update via CSRF
First published: Mon Jun 13 2022(Updated: )
The Peter’s Collaboration E-mails WordPress plugin through 2.2.0 is vulnerable to CSRF due to missing nonce checks. This allows the change of its settings, which can be used to lower the required user level, change texts, the used email address and more.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zimbra Collaboration | <=2.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-1761?
CVE-2022-1761 is classified as a medium severity vulnerability due to its potential impact on the security of user settings.
How do I fix CVE-2022-1761?
To fix CVE-2022-1761, update the Peter's Collaboration E-mails plugin to a version later than 2.2.0 that includes nonce checks.
What type of vulnerability is CVE-2022-1761?
CVE-2022-1761 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the Peter's Collaboration E-mails WordPress plugin.
What can attackers do with CVE-2022-1761?
Attackers exploiting CVE-2022-1761 can change settings in the plugin, including user levels, text content, and email addresses.
Is CVE-2022-1761 present in all versions of the plugin?
CVE-2022-1761 affects all versions of the Peter's Collaboration E-mails plugin up to and including version 2.2.0.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/severity
- agent/title
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/peter\'s collaboration e-mails project
- canonical/zimbra collaboration
- version/zimbra collaboration/2.2.0