Lucene search

Ryo Onodera (Cryptography Laboratory Tokyo Denki University)PATCHSTACK:79E021E674BA53B4F04B9D494C7F7D07

HistoryJun 16, 2022 - 12:00 a.m.

WordPress Button Widget Smartsoft plugin <= 1.0.1 - Cross-Site Request Forgery (CSRF) vulnerability to Cross-Site Scripting (XSS)

2022-06-1600:00:00

Ryo Onodera (Cryptography Laboratory Tokyo Denki University)

patchstack.com

0.001 Low

EPSS

Percentile

50.6%

JSON

Cross-Site Request Forgery (CSRF) vulnerability to Cross-Site Scripting (XSS) was discovered by Ryo Onodera (Cryptography Laboratory Tokyo Denki University) in the WordPress Button Widget Smartsoft plugin (versions <= 1.0.1).

Solution

Deactivate and delete. This plugin has been closed as of June 8, 2022 and is not available for download. This closure is temporary, pending a full review.

CPENameOperatorVersion
button widget smartsoftle1.0.1

CPE	Name	Operator	Version
	button widget smartsoft	le	1.0.1

References

www.wordfence.com/vulnerability-advisories/#CVE-2022-1912

0.001 Low

EPSS

Percentile

50.6%

JSON

Related for PATCHSTACK:79E021E674BA53B4F04B9D494C7F7D07