Описание
The Sloth Logo Customizer WordPress plugin through 2.0.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
Уязвимые конфигурации
Конфигурация 1Версия до 2.0.2 (включая)
cpe:2.3:a:sloth_logo_customizer_project:sloth_logo_customizer:*:*:*:*:*:*:*:*
EPSS
Процентиль: 92%
0.08293
Низкий
8.8 High
CVSS3
Дефекты
Связанные уязвимости
CVSS3: 8.8
github
больше 2 лет назад
The Sloth Logo Customizer WordPress plugin through 2.0.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
EPSS
Процентиль: 92%
0.08293
Низкий
8.8 High
CVSS3