3 matches found
CVE-2022-29430
Cross-Site Scripting XSS vulnerability in KubiQ's PNG to JPG plugin = 4.0 at WordPress via Cross-Site Request Forgery CSRF. Vulnerable parameter &jpgquality...
CVE-2022-29430 WordPress PNG to JPG plugin <= 4.0 - Cross-Site Request Forgery (CSRF) leading to Persistent Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting XSS vulnerability in KubiQ's PNG to JPG plugin = 4.0 at WordPress via Cross-Site Request Forgery CSRF. Vulnerable parameter &jpgquality...
CVE-2022-29430
CVE-2022-29430 describes a cross-site scripting vulnerability in the WordPress PNG to JPG plugin (versions up to 4.0). The flaw allows stored XSS when CSRF enables an admin action that updates plugin settings, with the vulnerable parameter being “jpg_quality.” Root cause is lack of CSRF protectio...