CVE-2022-1781

The postTabs WordPress plugin through 2.10.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, which also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping...

WordPress postTabs plugin cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

CVE-2022-1781

The postTabs WordPress plugin through 2.10.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, which also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping...

CVE-2022-1781

The postTabs WordPress plugin through 2.10.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, which also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping...

CVE-2022-1781

The postTabs WordPress plugin through 2.10.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, which also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping...

Cross site scripting

The postTabs WordPress plugin through 2.10.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, which also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping...

CVE-2022-1781

The CVE-2022-1781 entry concerns the WordPress plugin postTabs (versions up to 2.10.6). The root cause is missing CSRF protection when updating settings, which can allow a logged-in attacker to perform a CSRF attack to change settings. This action can also lead to Stored XSS due to lack of saniti...

WordPress plugin postTabs 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

postTabs <= 2.10.6 - Arbitrary Settings Update via CSRF to Stored XSS

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, which also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping PoC...

WordPress postTabs plugin <= 2.10.6 - Arbitrary Settings Update via CSRF vulnerability leading to XSS

Arbitrary Settings Update via CSRF vulnerability leading to XSS discovered by Daniel Ruf in WordPress postTabs plugin versions = 2.10.6. Solution Deactivate and delete. This plugin has been closed as of May 18, 2022 and is not available for download. This closure is temporary, pending a full revi...