The Sloth Logo Customizer WordPress plugin through 2.0.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/1c93ea8f-4e68-4da1-994e-35a5873278ba | Exploit |
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 04:00
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-352 |
Information
Published : 2023-05-08 14:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-0603
Mitre link : CVE-2023-0603
CVE.ORG link : CVE-2023-0603
JSON object : View
Products Affected
sloth_logo_customizer_project
- sloth_logo_customizer
CWE
No CWE.