7 matches found
CVE-2023-0603
The Sloth Logo Customizer WordPress plugin through 2.0.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2023-0603
The Sloth Logo Customizer WordPress plugin through 2.0.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
Cross site request forgery (csrf)
The Sloth Logo Customizer WordPress plugin through 2.0.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2023-0603 Sloth Logo Customizer <= 2.0.2 - Stored XSS via CSRF
The Sloth Logo Customizer WordPress plugin through 2.0.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2023-0603
CVE-2023-0603 concerns the WordPress plugin Sloth Logo Customizer (versions <= 2.0.2). The issue is a lack of CSRF protection when updating settings, coupled with missing sanitization and escaping, enabling a logged-in attacker to induce Stored XSS payloads via a CSRF attack. Root cause: absen...
PT-2023-16393 · WordPress · Sloth Logo Customizer
Name of the Vulnerable Software and Affected Versions: Sloth Logo Customizer WordPress plugin versions prior to 2.0.3 Description: The issue concerns a lack of CSRF check when updating settings, as well as missing sanitization and escaping. This could allow attackers to make logged-in admins add...
WordPress plugin Sloth Logo Customizer 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...