CVE-2024-8043 Vikinghammer Tweet <= 0.2.4 - Stored XSS via CSRF

2024-09-17 06:00:03
WPScan
www.cve.org
vikinghammer tweet
wordpress plugin
stored xss
csrf
sanitisation
escaping
attackers
admin

EPSS: 0

Percentile: 14.7%

The Vikinghammer Tweet WordPress plugin through 0.2.4 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Vikinghammer Tweet",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThanOrEqual": "0.2.4"
      }
    ],
    "defaultStatus": "affected"
  }
]
