2 matches found
WordPress 0mk Shortener Plugin <= 0.2 is vulnerable to Cross Site Scripting (XSS)
Software 0mk Shortener Type Plugin Vulnerable versions = 0.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-2933 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID ca425f76b250 Credits Juampa Rodríguez Required...
CVE-2022-2933 0mk Shortener <= 0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The 0mk Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the zeromkoptionspage function. This makes it possible for unauthenticated attackers to inject malicious web scripts vi...