cve/2022/CVE-2022-4872.md

### [CVE-2022-4872](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4872)
![](https://img.shields.io/static/v1?label=Product&message=Chained%20Products&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%200%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)

### Description

The Chained Products WordPress plugin before 2.12.0 does not have authorisation and CSRF checks, as well as does not ensure that the option to be updated belong to the plugin, allowing unauthenticated attackers to set arbitrary options to 'no'

### POC

#### Reference
- https://wpscan.com/vulnerability/c76a1c0b-8a5b-4639-85b6-9eebc63c3aa6

#### Github
No PoCs found on GitHub currently.
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2022-4872](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4872)`
			`![](https://img.shields.io/static/v1?label=Product&message=Chained%20Products&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=%3D%200%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)`

			`### Description`

			`The Chained Products WordPress plugin before 2.12.0 does not have authorisation and CSRF checks, as well as does not ensure that the option to be updated belong to the plugin, allowing unauthenticated attackers to set arbitrary options to 'no'`

			`### POC`

			`#### Reference`
			`- https://wpscan.com/vulnerability/c76a1c0b-8a5b-4639-85b6-9eebc63c3aa6`

			`#### Github`
			`No PoCs found on GitHub currently.`