5 matches found
CVE-2024-13115
The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-13115
creationtimestamp| type| source ---|---|--- 2025-02-04 06:08:30+00:00| seen| https://infosec.exchange/users/cve/statuses/113944121166063683 2025-02-04 06:13:12+00:00| seen| https://infosec.exchange/users/cve/statuses/113944139633952082 2025-02-04 06:15:55+00:00| seen|...
CVE-2024-13115
CVE-2024-13115 pertains to the WordPress plugin “WP Projects Portfolio with Client Testimonials”. Connected sources confirm the issue: the plugin is affected through version 3.0 and is described as lacking CSRF protection in certain areas, with missing sanitization and escaping, enabling a logged...
CVE-2024-13115 WP Projects Portfolio with Client Testimonials <= 3.0 - Stored XSS via CSRF
The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-13115 WP Projects Portfolio with Client Testimonials <= 3.0 - Stored XSS via CSRF
The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...