12 matches found
CVE-2022-1618
The Coru LFMember WordPress plugin through 1.0.2 does not have a CSRF check in place when adding a new game, and is lacking sanitisation as well as escaping in its settings, allowing an attacker to make a logged-in admin add an arbitrary game with XSS payloads...
CVE-2022-1618 Coru LFMember <= 1.0.2 - Stored Cross-Site Scripting via CSRF
The Coru LFMember WordPress plugin through 1.0.2 does not have a CSRF check in place when adding a new game, and is lacking sanitisation as well as escaping in its settings, allowing an attacker to make a logged-in admin add an arbitrary game with XSS payloads...
CVE-2022-1618
The CVE-2022-1618 entry documents a stored Cross-Site Scripting vulnerability in the Coru LFMember WordPress plugin (versions 1.0.2 and earlier). The root cause is a missing CSRF check when adding a new game, combined with insufficient sanitization and escaping in plugin settings, which allows a ...
WordPress plugin Coru LFMember security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability in the WordPress...
PT-2024-11512 · WordPress · Coru Lfmember Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: The Coru LFMember WordPress plugin versions 1.0.2 and earlier Description: The issue is related to the lack of CSRF check when adding a new game and insufficient sanitization and escaping in the settings. This allows an attacker to make a...
Coru LFMember <= 1.0.2 - Arbitrary Game Deletion/Activation via CSRF
The plugin does not have a CSRF check in place when deleting and activating games, which could allow an attacker to make a logged-in admin perform such actions. PoC...
WordPress Coru LFMember plugin <= 1.0.2 - Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability
Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability discovered by Mariam Tariq in WordPress Coru LFMember plugin (versions <= 1.0.2). Solution: No patched version is available...
WordPress Coru LFMember plugin <= 1.0.2 - Arbitrary Game Deletion/Activation via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Game Deletion/Activation via Cross-Site Request Forgery (CSRF) vulnerability discovered by WPScanTeam in WordPress Coru LFMember plugin (versions <= 1.0.2). Solution: No patched version is available...
WordPress Coru LFMember 1.0.2 Cross Site Scripting Vulnerability
Exploit Title: WordPress Plugin Coru LFMember - Stored Cross Site Scripting Exploit Author: Mariam Tariq - HunterSherlock Vendor Homepage: https://wordpress.org/plugins/Coru LFMember/ Version: 1.0.2 Tested on: Firefox Contact me: email protected Vulnerable Code: " name="gameimage" / "...
WordPress Coru LFMember 1.0.2 Cross Site Scripting
Exploit Title: WordPress Plugin Coru LFMember - Stored Cross Site Scripting Date: 26-04-2022 Exploit Author: Mariam Tariq - HunterSherlock Vendor Homepage: https://wordpress.org/plugins/Coru LFMember/ Version: 1.0.2 Tested on: Firefox Contact me: [email protected] Vulnerable Code: "...
Coru LFMember <= 1.0.2 - Stored Cross-Site Scripting via CSRF
The plugin does not have a CSRF check in place when adding a new game, and is lacking sanitisation as well as escaping in its settings, allowing an attacker to make a logged-in admin add an arbitrary game with XSS payloads. PoC...