11 matches found
CVE-2022-1618
The Coru LFMember WordPress plugin through 1.0.2 does not have a CSRF check in place when adding a new game, and is lacking sanitisation as well as escaping in their settings, allowing an attacker to make a logged-in admin add an arbitrary game with XSS payloads...
CVE-2022-1618
The Coru LFMember WordPress plugin through 1.0.2 does not have a CSRF check in place when adding a new game, and is lacking sanitisation as well as escaping in their settings, allowing an attacker to make a logged-in admin add an arbitrary game with XSS payloads...
CVE-2022-1618
The CVE-2022-1618 entry documents a stored Cross-Site Scripting vulnerability in the Coru LFMember WordPress plugin (versions 1.0.2 and earlier). The root cause is a missing CSRF check when adding a new game, combined with insufficient sanitization and escaping in plugin settings, which allows a ...
CVE-2022-1618 Coru LFMember <= 1.0.2 - Stored Cross-Site Scripting via CSRF
The Coru LFMember WordPress plugin through 1.0.2 does not have a CSRF check in place when adding a new game, and is lacking sanitisation as well as escaping in their settings, allowing an attacker to make a logged-in admin add an arbitrary game with XSS payloads...
PT-2024-11512 · WordPress · Coru Lfmember Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: The Coru LFMember WordPress plugin versions 1.0.2 and earlier Description: The issue is related to the lack of CSRF check when adding a new game and insufficient sanitization and escaping in the settings. This allows an attacker to make a...
WordPress plugin Coru LFMember security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability in the WordPress...
Coru LFMember <= 1.0.2 - Arbitrary Game Deletion/Activation via CSRF
The plugin does not have CSRF checks in place when deleting and activating games, which could allow an attacker to make a logged-in admin perform such actions. PoC...
WordPress Coru LFMember plugin <= 1.0.2 - Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability
Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability discovered by Mariam Tariq in WordPress Coru LFMember plugin versions <= 1.0.2. Solution: No patched version is available...
WordPress Coru LFMember 1.0.2 Cross Site Scripting
Exploit Title: WordPress Plugin Coru LFMember - Stored Cross Site Scripting Date: 26-04-2022 Exploit Author: Mariam Tariq - HunterSherlock Vendor Homepage: https://wordpress.org/plugins/Coru LFMember/ Version: 1.0.2 Tested on: Firefox Vulnerable Code: "...
WordPress Coru LFMember 1.0.2 Cross Site Scripting Vulnerability
Exploit Title: WordPress Plugin Coru LFMember - Stored Cross Site Scripting Exploit Author: Mariam Tariq - HunterSherlock Vendor Homepage: https://wordpress.org/plugins/Coru LFMember/ Version: 1.0.2 Tested on: Firefox Vulnerable Code: " name="gameimage" / "...
Coru LFMember <= 1.0.2 - Stored Cross-Site Scripting via CSRF
The plugin does not have a CSRF check in place when adding a new game, and is lacking sanitisation as well as escaping in their settings, allowing an attacker to make a logged-in admin add an arbitrary game with XSS payloads. PoC...