exploitDog

GHSA-9p93-28x6-fpf9

Опубликовано: 16 янв. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 6.1

Описание

The Coru LFMember WordPress plugin through 1.0.2 does not have CSRF check in place when adding a new game, and is lacking sanitisation as well as escaping in their settings, allowing attacker to make a logged in admin add an arbitrary game with XSS payloads

The Coru LFMember WordPress plugin through 1.0.2 does not have CSRF check in place when adding a new game, and is lacking sanitisation as well as escaping in their settings, allowing attacker to make a logged in admin add an arbitrary game with XSS payloads

Ссылки

EPSS

Процентиль: 43%

0.00211

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2022-1618

CVSS3: 6.1

nvd

около 2 лет назад

The Coru LFMember WordPress plugin through 1.0.2 does not have CSRF check in place when adding a new game, and is lacking sanitisation as well as escaping in their settings, allowing attacker to make a logged in admin add an arbitrary game with XSS payloads

EPSS

Процентиль: 43%

0.00211

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-352