WordPress Multi-page Toolkit plugin跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Multi-page Toolkit plugin 2.6 and earlier versions are vulnerable to cross-site request forgery,...

CVE-2022-1818

The Multi-page Toolkit WordPress plugin through 2.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well...

CVE-2022-1818

The Multi-page Toolkit WordPress plugin through 2.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well...

Cross site scripting

The Multi-page Toolkit WordPress plugin through 2.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well...

CVE-2022-1818

CVE-2022-1818 affects the WordPress plugin Multi-page Toolkit (versions up to 2.6). The vulnerability arises from a missing CSRF check when updating plugin settings, which could allow an authenticated admin to perform a CSRF attack that changes settings. This, combined with insufficient sanitisat...

CVE-2022-1818 Multi-page Toolkit <= 2.6 - Arbitrary Settings Update to Stored XSS via CSRF

The Multi-page Toolkit WordPress plugin through 2.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well...

WordPress plugin Multi-page Toolkit 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Multi-page Toolkit plugin 2.6 and earlier versions are vulnerable to cross-site request forgery,...

Multi-page Toolkit <= 2.6 - Arbitrary Settings Update to Stored XSS via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well ' input typ...