3 matches found
CVE-2023-0058
CVE-2023-0058 affects the Tiempo.com WordPress plugin (
CVE-2023-0058 Tiempo.com <= 0.1.2 - Stored XSS via CSRF
The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check when creating and editing its shortcode, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
WordPress Tiempo.com Plugin <= 0.1.2 is vulnerable to Cross Site Scripting (XSS)
Software Tiempo.com Type Plugin Vulnerable versions = 0.1.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0058 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID ae483448a050 Credits Shreya Pohekar Required privile...