Due to missing checks the Static Page eXtended WordPress plugin through 2.1 is vulnerable to CSRF attacks which allows changing the plugin settings, including required user levels for specific features. This could also lead to Stored Cross-Site Scripting due to the lack of escaping in some of the settings
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/bd3aff73-078a-4e5a-b9e3-1604851c6df8 | Exploit Third Party Advisory |
https://wpscan.com/vulnerability/bd3aff73-078a-4e5a-b9e3-1604851c6df8 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 06:41
Type | Values Removed | Values Added |
---|---|---|
References | () https://wpscan.com/vulnerability/bd3aff73-078a-4e5a-b9e3-1604851c6df8 - Exploit, Third Party Advisory |
Information
Published : 2022-06-13 13:15
Updated : 2024-11-21 06:41
NVD link : CVE-2022-1763
Mitre link : CVE-2022-1763
CVE.ORG link : CVE-2022-1763
JSON object : View
Products Affected
static_page_extended_project
- static_page_extended
CWE
CWE-352
Cross-Site Request Forgery (CSRF)