2 matches found
CVE-2021-43353
The CVE-2021-43353 entry concerns the WordPress Crisp Live Chat plugin, where a Cross-Site Request Forgery (CSRF) vulnerability arises from missing nonce validation in the crisp_plugin_settings_page function (crisp.php), affecting versions up to 0.31. This CSRF flaw enables an attacker to inject ...
CVE-2021-43353 Crisp Live Chat <= 0.31 Cross-Site Request Forgery to Stored Cross-Site Scripting
The Crisp Live Chat WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the crisppluginsettingspage function found in the /crisp.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 0.31...