5 matches found
CVE-2024-7860
The Simple Headline Rotator WordPress plugin through 1.0 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-7860
The Simple Headline Rotator WordPress plugin through 1.0 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack...
PT-2024-38637 · WordPress · Simple Headline Rotator
Name of the Vulnerable Software and Affected Versions: The Simple Headline Rotator WordPress plugin version 1.0
Description: The issue is related to the lack of CSRF checks in some places, as well as missing sanitization and escaping, which could allow attackers to make logged-in admins add Store...
WordPress Simple Headline Rotator plugin <= 1.0 - Stored XSS via CSRF vulnerability
Stored XSS via CSRF vulnerability discovered by Daniel Ruf in WordPress Plugin Simple Headline Rotator versions <= 1.0...
WordPress Simple Headline Rotator Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Simple Headline Rotator
Type: Plugin
Vulnerable versions: <= 1.0
Fixed in: N/A
OWASP Top 10: A1: Broken Access Control
Classification: Cross Site Request Forgery (CSRF)
CVE: CVE-2024-7860
Patch priority: Low
CVSS severity: Low 7.1
PSID: 30c399c6a90f
Credits: Daniel Ruf...