CVE-2022-1760 Information

Description

The Core Control WordPress plugin through 1.2.1 does not have CSRF check in place when updating its settings which could allow attackers to make a logged in admin change them via a CSRF attack

Reference

https://wpscan.com/vulnerability/c7906b1d-25c9-4f34-bd02-66824878b88e/