
4 matches found

Patchstack
added 2025/12/31 3:31 p.m., 3 views

WordPress Robots.txt rewrite plugin <= 1.6.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by Nabil Irawan in WordPress Plugin Robots.txt rewrite versions <= 1.6.1...

4.3 CVSS, 6.7 AI score, 0.00014 EPSS
Exploits: 0, Affected Software: 1
OSV
added 2025/05/15 8:15 p.m., 1 views

CVE-2024-6797

The DL Robots.txt WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

4.8 CVSS, 5.8 AI score
Exploits: 0, References: 1
NVD
added 2025/05/15 8:15 p.m., 1 views

CVE-2024-6797

The DL Robots.txt WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

4.8 CVSS, 0.00556 EPSS
Exploits: 1, References: 1
CVE
added 2025/05/15 8:7 p.m., 25 views

CVE-2024-6797

CVE-2024-6797 affects the DL Robots.txt WordPress plugin (versions ≤ 1.2). The vulnerability arises from insufficient sanitisation/escaping of certain settings, enabling Stored Cross-Site Scripting for high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., multisite). ...

4.8 CVSS, 5.4 AI score, 0.00556 EPSS
Exploits: 1, References: 1, Affected Software: 1