The WP Shopping Pages WordPress plugin through 1.14 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/01b9b1c2-439e-44df-bf01-026cb13d7d40 | Exploit Third Party Advisory |
Configurations
History
07 Nov 2023, 04:18
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-352 |
09 Aug 2023, 17:53
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:cmscommander:wp_shopping_pages:*:*:*:*:*:wordpress:*:* | |
References | (MISC) https://wpscan.com/vulnerability/01b9b1c2-439e-44df-bf01-026cb13d7d40 - Exploit, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.8 |
First Time |
Cmscommander wp Shopping Pages
Cmscommander |
07 Aug 2023, 15:41
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-07 15:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-3492
Mitre link : CVE-2023-3492
CVE.ORG link : CVE-2023-3492
JSON object : View
Products Affected
cmscommander
- wp_shopping_pages
CWE
No CWE.