3 matches found
CVE-2022-1763
Due to missing checks the Static Page eXtended WordPress plugin through 2.1 is vulnerable to CSRF attacks which allows changing the plugin settings, including required user levels for specific features. This could also lead to Stored Cross-Site Scripting due to the lack of escaping in some of the...
CVE-2022-1763
CVE-2022-1763 affects the WordPress Static Page eXtended plugin up to version 2.1. The issue stems from missing CSRF checks, allowing an attacker to arbitrarily update plugin settings (including required user levels). This can lead to Stored XSS due to insufficient escaping in certain settings. P...
CVE-2022-1763 Static Page eXtended <= 2.1 - Arbitrary Settings Update via CSRF to Stored XSS
Due to missing checks the Static Page eXtended WordPress plugin through 2.1 is vulnerable to CSRF attacks which allows changing the plugin settings, including required user levels for specific features. This could also lead to Stored Cross-Site Scripting due to the lack of escaping in some of the...