The Snapshot Backup WordPress plugin through 2.1.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/4463785c-55db-4f86-80a2-ada4d2241e5e/ | Exploit Third Party Advisory |
Configurations
History
07 Oct 2024, 17:45
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-352 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
First Time |
Snapshot Backup Project snapshot Backup
Snapshot Backup Project |
|
References | () https://wpscan.com/vulnerability/4463785c-55db-4f86-80a2-ada4d2241e5e/ - Exploit, Third Party Advisory | |
CPE | cpe:2.3:a:snapshot_backup_project:snapshot_backup:*:*:*:*:*:wordpress:*:* |
09 Sep 2024, 14:35
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.7 |
09 Sep 2024, 13:03
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
09 Sep 2024, 06:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-09 06:15
Updated : 2024-10-07 17:45
NVD link : CVE-2024-7689
Mitre link : CVE-2024-7689
CVE.ORG link : CVE-2024-7689
JSON object : View
Products Affected
snapshot_backup_project
- snapshot_backup
CWE
CWE-352
Cross-Site Request Forgery (CSRF)