CVE-2022-1791 Information

Description

The One Click Plugin Updater WordPress plugin through 2.4.14 does not have CSRF check in place when updating its settings which could allow attackers to make a logged in admin change them via a CSRF attack and disable / hide the badge of the available updates and the related check.

Reference

https://wpscan.com/vulnerability/5c185269-cb3a-4463-8d73-b190813d4431