2 matches found
CVE-2022-1763
Due to missing checks the Static Page eXtended WordPress plugin through 2.1 is vulnerable to CSRF attacks which allows changing the plugin settings, including required user levels for specific features. This could also lead to Stored Cross-Site Scripting due to the lack of escaping in some of the...
WordPress Static Page eXtended plugin <= 2.1 - Arbitrary Settings Update via CSRF leading to Stored XSS
Arbitrary Settings Update via CSRF leading to Stored XSS discovered by Daniel Ruf in WordPress Static Page eXtended plugin versions = 2.1. Solution Deactivate and delete. This plugin has been closed as of May 17, 2022 and is not available for download. This closure is temporary, pending a full...