2 matches found
CVE-2022-1418 Social Stickers <= 2.2.9 - Stored Cross-Site Scripting via CSRF
The Social Stickers WordPress plugin through 2.2.9 does not have CSRF checks in place when updating its Social Network settings, and does not escape some of these fields, which could allow attackers to make a logged-in admin change them and lead to Stored Cross-Site Scripting issues...
CVE-2022-1418
CVE-2022-1418 affects the WordPress Social Stickers plugin up to version 2.2.9. The issue is a lack of CSRF protection when updating its Social Network settings and insufficient escaping of certain fields, enabling a logged-in admin to modify settings in a way that could trigger Stored Cross-Site...