6 matches found
CVE-2023-0603
The Sloth Logo Customizer WordPress plugin through 2.0.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2023-0603
The Sloth Logo Customizer WordPress plugin through 2.0.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
Cross site request forgery (csrf)
The Sloth Logo Customizer WordPress plugin through 2.0.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2023-0603
CVE-2023-0603 concerns the WordPress plugin Sloth Logo Customizer (versions <= 2.0.2). The issue is a lack of CSRF protection when updating settings, coupled with missing sanitization and escaping, enabling a logged-in attacker to induce Stored XSS payloads via a CSRF attack. Root cause: absen...
WordPress plugin Sloth Logo Customizer θ·¨η«θζ¬ζΌζ΄
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-16393 Β· WordPress Β· Sloth Logo Customizer
Name of the Vulnerable Software and Affected Versions: Sloth Logo Customizer WordPress plugin versions prior to 2.0.3 Description: The issue concerns a lack of CSRF check when updating settings, as well as missing sanitization and escaping. This could allow attackers to make logged-in admins add...