Lucene search
WPScanCVELIST:CVE-2024-7818HistorySep 12, 2024 - 6:00 a.m.
CVE-2024-7818 Misiek Photo Album <= 1.4.3 - Stored XSS via CSRF
2024-09-1206:00:05
WPScan
www.cve.org
4
misiek photo album
wordpress
csrf
vulnerability
xss
csrf attack
EPSS
0.001
Percentile
17.7%
The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
CNA Affected
[
{
"vendor": "Unknown",
"product": "Misiek Photo Album",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThanOrEqual": "1.4.3"
}
],
"defaultStatus": "affected"
}
]Related
cve
cve
CVE-2024-7818
2024-09-12 06:15:24
vulnrichment
vulnrichment
CVE-2024-7818 Misiek Photo Album <= 1.4.3 - Stored XSS via CSRF
2024-09-12 06:00:05
nvd
nvd
CVE-2024-7818
2024-09-12 06:15:24
wordfence
wordfence