CVE-2024-5767

The sitetweet WordPress plugin through 0.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

CVE-2024-5767

The sitetweet WordPress plugin through 0.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

WordPress Plugin sitetweet Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress sitetweet Plugin <= 0.2 is vulnerable to Cross Site Scripting (XSS)

Software sitetweet Type Plugin Vulnerable versions = 0.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5767 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c48f5eb9dccc Credits WPscan Required privilege...

PT-2024-37134 · WordPress · Sitetweet

Name of the Vulnerable Software and Affected Versions: sitetweet WordPress plugin versions 0.2 and earlier Description: The issue concerns a lack of CSRF check in some areas of the plugin, along with missing sanitization and escaping. This could allow attackers to make logged-in admins add Stored...

Sitetweet <= 0.2 - Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack PoC The PoC will be displayed on June 25, 2024, to give users the time to update...