5 matches found
CVE-2023-0420
The Custom Post Type and Taxonomy GUI Manager WordPress plugin through 1.1 does not have CSRF, and is lacking sanitising as well as escaping in some parameters, allowing attackers to make a logged in admin put Stored Cross-Site Scripting payloads via CSRF...
CVE-2023-0420
CVE-2023-0420 relates to the WordPress plugin “Custom Post Type and Taxonomy GUI Manager” (versions
CVE-2023-0420 Custom Post Type and Taxonomy GUI Manager <= 1.1 - Stored XSS via CSRF
The Custom Post Type and Taxonomy GUI Manager WordPress plugin through 1.1 does not have CSRF, and is lacking sanitising as well as escaping in some parameters, allowing attackers to make a logged in admin put Stored Cross-Site Scripting payloads via CSRF...
CVE-2023-0420 Custom Post Type and Taxonomy GUI Manager <= 1.1 - Stored XSS via CSRF
The Custom Post Type and Taxonomy GUI Manager WordPress plugin through 1.1 does not have CSRF, and is lacking sanitising as well as escaping in some parameters, allowing attackers to make a logged in admin put Stored Cross-Site Scripting payloads via CSRF...
WordPress Custom Post Type and Taxonomy GUI Manager Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)
Software Custom Post Type and Taxonomy GUI Manager Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0420 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID de2781305d8c Credits...