4 matches found
CVE-2021-42364
creationtimestamp| type| source ---|---|--- 2021-11-29 22:33:44+00:00| seen| https://t.me/cibsecurity/33065...
CVE-2021-42364 Stetic <= 1.0.6 Cross-Site Request Forgery to Stored Cross-Site Scripting
The Stetic WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the statspage function found in the /stetic.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.0.6...
CVE-2021-42364
The CVE-2021-42364 entry maps to the WordPress Stetic plugin vulnerability, where Cross-Site Request Forgery arises from missing nonce validation in the stats_page function of stetic.php. Affected versions are up to 1.0.6, enabling attackers to inject arbitrary web scripts (Stored XSS). Several c...
CVE-2021-42364 Stetic <= 1.0.6 Cross-Site Request Forgery to Stored Cross-Site Scripting
The Stetic WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the statspage function found in the /stetic.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.0.6...