exploitDog

GHSA-jx93-fcjj-g734

Опубликовано: 13 мар. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 7.1

Описание

The Limit Bio WordPress plugin through 1.0 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

The Limit Bio WordPress plugin through 1.0 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

Ссылки

EPSS

Процентиль: 13%

0.00044

Низкий

7.1 High

CVSS3

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2025-1436

CVSS3: 7.1

nvd

11 месяцев назад

The Limit Bio WordPress plugin through 1.0 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

EPSS

Процентиль: 13%

0.00044

Низкий

7.1 High

CVSS3

CVE ID

Дефекты

CWE-352