2 matches found
CVE-2022-1618
The CVE-2022-1618 entry documents a stored Cross-Site Scripting vulnerability in the Coru LFMember WordPress plugin (versions 1.0.2 and earlier). The root cause is a missing CSRF check when adding a new game, combined with insufficient sanitization and escaping in plugin settings, which allows a ...
CVE-2022-1618 Coru LFMember <= 1.0.2 - Stored Cross-Site Scripting via CSRF
The Coru LFMember WordPress plugin through 1.0.2 does not have CSRF check in place when adding a new game, and is lacking sanitisation as well as escaping in their settings, allowing attacker to make a logged in admin add an arbitrary game with XSS payloads...