CVE-2023-0603

The Sloth Logo Customizer WordPress plugin through 2.0.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
Configurations

Configuration 1 (hide)

cpe:2.3:a:sloth_logo_customizer_project:sloth_logo_customizer:*:*:*:*:*:*:*:*

History

07 Nov 2023, 04:00

Type Values Removed Values Added
CWE CWE-79
CWE-352

Information

Published : 2023-05-08 14:15

Updated : 2024-02-28 20:13


NVD link : CVE-2023-0603

Mitre link : CVE-2023-0603

CVE.ORG link : CVE-2023-0603


JSON object : View

Products Affected

sloth_logo_customizer_project

  • sloth_logo_customizer
CWE

No CWE.