Lucene search
WPScanCVELIST:CVE-2022-1618HistoryJan 16, 2024 - 3:52 p.m.
CVE-2022-1618 Coru LFMember <= 1.0.2 - Stored Cross-Site Scripting via CSRF
2024-01-1615:52:50
WPScan
www.cve.org
3
cve-2022-1618
stored cross-site scripting
csrf
sanitisation
escaping
admin bypass
EPSS
0.001
Percentile
17.0%
The Coru LFMember WordPress plugin through 1.0.2 does not have CSRF check in place when adding a new game, and is lacking sanitisation as well as escaping in their settings, allowing attacker to make a logged in admin add an arbitrary game with XSS payloads
CNA Affected
[
{
"vendor": "Unknown",
"product": "Coru LFMember",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThanOrEqual": "1.0.2"
}
],
"defaultStatus": "affected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
wpvulndb
wpvulndb
Coru LFMember <= 1.0.2 - Stored Cross-Site Scripting via CSRF
2022-04-26 00:00:00
nvd
nvd
CVE-2022-1618
2024-01-16 16:15:09
prion
prion
Cross site request forgery (csrf)
2024-01-16 16:15:00
vulnrichment
vulnrichment
CVE-2022-1618 Coru LFMember <= 1.0.2 - Stored Cross-Site Scripting via CSRF
2024-01-16 15:52:50
cve
cve
CVE-2022-1618
2024-01-16 16:15:09
wpexploit
wpexploit
Coru LFMember <= 1.0.2 - Stored Cross-Site Scripting via CSRF
2022-04-26 00:00:00