12 matches found
CVE-2022-1787
The Sideblog WordPress plugin through 6.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping...
WordPress Sideblog plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Sideblog plugin version 6.0 and earlier versions are vulnerable to cross-site request forgery, whic...
CVE-2022-1787
The Sideblog WordPress plugin through 6.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping...
CVE-2022-1787
The Sideblog WordPress plugin through 6.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping...
CVE-2022-1787
The Sideblog WordPress plugin through 6.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping...
Cross site scripting
The Sideblog WordPress plugin through 6.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping...
CVE-2022-1787
The CVE-2022-1787 entry concerns the WordPress Sideblog plugin (versions up to 6.0). The root cause is absence of CSRF protection when updating settings, coupled with insufficient sanitisation/escaping, allowing an attacker with a logged-in admin session to perform a CSRF attack that can trigger ...
CVE-2022-1787 Sideblog <= 6.0 - Arbitrary Settings Update via CSRF to Stored XSS
The Sideblog WordPress plugin through 6.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping...
WordPress plugin Sideblog cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Sideblog plugin version 6.0 and earlier versions are vulnerable to cross-site request forgery, whic...
WordPress Sideblog plugin <= 6.0 - Arbitrary Settings Update via CSRF to Stored XSS
Arbitrary Settings Update via CSRF to Stored XSS discovered by Daniel Ruf in WordPress Sideblog plugin versions <= 6.0. Solution: Deactivate and delete. This plugin has been closed as of May 18, 2022 and is not available for download. This closure is temporary, pending a full review...
Sideblog <= 6.0 - Arbitrary Settings Update via CSRF to Stored XSS
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping. PoC: The XSS will be triggered in the Sideblog widget...
Sideblog <= 6.0 - Arbitrary Settings Update via CSRF to Stored XSS
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping. document.getElementById("test").submit(); The XSS will be...