5 matches found
WordPress MapFig Studio plugin <= 0.2.1 - Stored XSS via CSRF vulnerability
Stored XSS via CSRF vulnerability discovered by Vuln Seeker Cybersecurity Team in WordPress Plugin MapFig Studio versions = 0.2.1...
CVE-2024-6712
The MapFig Studio WordPress plugin through 0.2.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-6712
The MapFig Studio WordPress plugin through 0.2.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-6712
The CVE-2024-6712 entry concerns the WordPress MapFig Studio plugin (versions ≤ 0.2.1). The root cause is missing CSRF checks in several areas, coupled with insufficient sanitisation and escaping, which could allow a logged-in admin to add stored XSS payloads via a CSRF attack. The vulnerability ...
CVE-2024-6712 MapFig Studio <= 0.2.1 - Stored XSS via CSRF
The MapFig Studio WordPress plugin through 0.2.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...