4 matches found
CVE-2023-6529
The WP VR WordPress plugin before 8.3.15 does not authorisation and CSRF in a function hooked to admininit, allowing unauthenticated users to downgrade the plugin, thus leading to Reflected or Stored XSS, as previous versions have such vulnerabilities...
CVE-2023-6529
The WP VR WordPress plugin before 8.3.15 does not authorisation and CSRF in a function hooked to admininit, allowing unauthenticated users to downgrade the plugin, thus leading to Reflected or Stored XSS, as previous versions have such vulnerabilities...
CVE-2023-6529 WP VR < 8.3.15 - Unauthenticated Plugin Downgrade leading to XSS
The WP VR WordPress plugin before 8.3.15 does not authorisation and CSRF in a function hooked to admininit, allowing unauthenticated users to downgrade the plugin, thus leading to Reflected or Stored XSS, as previous versions have such vulnerabilities...
CVE-2023-6529
Affected product: WP VR WordPress plugin before version 8.3.15. Root cause: missing authorization and CSRF protection in a function hooked to admin_init, allowing unauthenticated users to downgrade the plugin. Impact: can lead to reflected or stored XSS (as noted in multiple sources). Exploitatio...