Cross-site request forgery (CSRF)
The NewsPlugin WordPress plugin is vulnerable to Cross-Site Request Forgery via the handle_save_style function found in the ~/news-plugin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.18...
CVE-2021-34631
Summary: CVE-2021-34631 affects the WordPress NewsPlugin (versions ≤ 1.0.18). The issue is a CSRF in the handle_save_style function in ~/news-plugin.php that enables stored XSS by injecting arbitrary web scripts. The in-scope impact includes potential script execution in authenticated contexts; C...
NewsPlugin < 1.1.0 - CSRF to Stored Cross-Site Scripting
The NewsPlugin WordPress plugin is vulnerable to Cross-Site Request Forgery via the handle_save_style function found in the ~/news-plugin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.18. Note: v1.1.0 added CSRF protection to the affected function, but see...