3 matches found
CVE-2021-24446
The Remove Footer Credit WordPress plugin before 1.0.6 does not have CSRF check in place when saving its settings, which could allow attacker to make logged in admins change them and lead to Stored XSS issue as well due to the lack of sanitisation...
CVE-2021-24446
CVE-2021-24446 affects the WordPress Remove Footer Credit plugin (versions before 1.0.6). The issue is a missing CSRF check when saving settings, enabling a logged-in attacker to induce changes and, due to lack of sanitisation, trigger a Stored XSS. Remedy: upgrade to version 1.0.6 or later. If e...
CVE-2021-24446 Remove Footer Credit < 1.0.6 - CSRF to Stored Cross-Site Scripting
The Remove Footer Credit WordPress plugin before 1.0.6 does not have CSRF check in place when saving its settings, which could allow attacker to make logged in admins change them and lead to Stored XSS issue as well due to the lack of sanitisation...